GitLab Addressed Critical SAML Auth Flaw With Latest Release

Published on Latest Hacking News

A critical SAML authentication vulnerability has been discovered in GitLab, allowing malicious actors to bypass SAML authentication and gain unrestricted access. GitLab has promptly addressed this issue with the latest releases of both the Community Edition (CE) and Enterprise Edition (EE).

GitLab Addresses SAML Authentication Bypass Vulnerability

GitLab has recently released an advisory addressing a critical SAML authentication bypass vulnerability affecting self-managed installations.

GitLab utilizes the Security Assertion Markup Language (SAML) single sign-on (SSO) authentication protocol to ensure secure and authorized access to its instances. However, the vulnerability discovered made it possible for attackers to circumvent the authentication mechanisms and gain unauthorized access to GitLab instances.

Identified as CVE-2024-45409, the vulnerability specifically impacted the Ruby SAML library responsible for implementing client-side SAML authorization. The flaw allowed attackers to manipulate SAML responses in a way that bypassed signature verification, enabling them to access target systems as any user.

The vulnerability affected Ruby SAML versions 1.12.2 through 1.13.0 and has been patched in versions 1.17.0 and 1.12.3. With a critical severity rating and a CVSS score of 10.0, the significance of this vulnerability cannot be overstated.
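A practical first check for any Ruby application that bundles the library is to read the resolved ruby-saml version out of its Gemfile.lock and compare it against the patched releases named above. The following is an added example written for this article, not code from GitLab or the ruby-saml project; it assumes that every release below 1.12.3, and every release from 1.13.0 up to but not including 1.17.0, still lacks the fix, and the lockfile fragment is constructed for demonstration.

```ruby
# Added example (not from the article, GitLab, or ruby-saml): flag a vulnerable
# ruby-saml pin in a Gemfile.lock using the patched versions the advisory names.
require "rubygems" # provides Gem::Version; loaded by default in modern Ruby

# Fix versions stated in the article: 1.12.3 on the 1.12 branch, 1.17.0 otherwise.
RUBY_SAML_FIXED_LEGACY = Gem::Version.new("1.12.3")
RUBY_SAML_FIXED_MAIN   = Gem::Version.new("1.17.0")
RUBY_SAML_MAIN_BRANCH  = Gem::Version.new("1.13.0")

# Returns true if this ruby-saml version predates the CVE-2024-45409 fix.
# Assumption (ours, not the article's): everything below 1.12.3 is affected, and
# everything from 1.13.0 up to but not including 1.17.0 is affected.
def ruby_saml_vulnerable?(version_string)
  v = Gem::Version.new(version_string)
  return v < RUBY_SAML_FIXED_LEGACY if v < RUBY_SAML_MAIN_BRANCH
  v < RUBY_SAML_FIXED_MAIN
end

# Extracts the resolved ruby-saml version from Gemfile.lock text, or nil if absent.
# Bundler lists resolved gems under "specs:" indented by exactly four spaces,
# e.g. "    ruby-saml (1.16.0)"; dependency lines are indented deeper and skipped.
def ruby_saml_version_from_lockfile(lock_text)
  match = lock_text.match(/^    ruby-saml \(([^)]+)\)$/)
  match && match[1]
end

# Summarises a lockfile as :not_present, :vulnerable or :patched.
def lockfile_status(lock_text)
  version = ruby_saml_version_from_lockfile(lock_text)
  return :not_present unless version
  ruby_saml_vulnerable?(version) ? :vulnerable : :patched
end

# Constructed sample lockfile fragment (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.1.0)
        omniauth (~> 2.0)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "ruby-saml #{ruby_saml_version_from_lockfile(SAMPLE_LOCK)}: #{lockfile_status(SAMPLE_LOCK)}"
end
```

Run it against a real Gemfile.lock by replacing SAMPLE_LOCK with `File.read("Gemfile.lock")`; a :vulnerable result means the dependency, not just the GitLab package version, still needs updating.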

GitLab confirms that only instances with SAML authentication enabled were affected by this vulnerability. The fix has been rolled out in GitLab CE and EE versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.

While GitLab advises users to update to the latest releases, they have also shared mitigation measures for those unable to update immediately. These measures include enabling two-factor authentication for all user accounts and disabling the SAML two-factor bypass option.


Manual updates are required for self-managed GitLab instances, while GitLab Dedicated instances will receive automatic updates without user intervention.

In addition to this SAML vulnerability, GitLab has previously patched a significant XSS vulnerability in May, which could lead to account takeovers and other security risks.
