InfoSecBulletin Cybersecurity for mankind
GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) could let an attacker log in as any user in the affected system. It was fixed by the maintainers last week.
The issue arises from the library not verifying the SAML Response’s signature correctly. SAML, or Security Assertion Markup Language, is a protocol for single sign-on (SSO) and sharing authentication and authorization data between applications.
Account Credentials for Security Vendors Found on Dark Web: Cyble Report
Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns
GitLab Releases Patch (CVE-2025-0314) for XSS Exploit
CVE-2025-20156
Cisco Fixes Meeting Management Allowing Privilege Escalation
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
“An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents, according to a security advisory. “This would allow the attacker to log in as arbitrary user within the vulnerable system.”
“The vulnerability also affects omniauth-saml, which has released its own update (version 2.2.1) to fix ruby-saml to version 1.17.” “The latest patch from GitLab is designed to update omniauth-saml to version 2.2.1 and ruby-saml to 1.17.0.”
GitLab is advising users to enable two-factor authentication (2FA) for all accounts and prevent the SAML two-factor bypass option.
“Successful exploitation attempts will trigger SAML related log events,” it said. “A successful exploitation attempt will log whatever extern_id value is set by the attacker attempting exploitation.”
“Unsuccessful exploitation attempts may generate a ValidationError from the RubySaml library. This could be for a variety of reasons related to the complexity of crafting a working exploit.”
“Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a serious bug affecting Apache HugeGraph-Server (CVE-2024-27348, CVSS score: 9.8), with evidence showing it is actively being exploited.”
