InfoSecBulletin Cybersecurity for mankind
GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) could let an attacker log in as any user in the affected system. It was fixed by the maintainers last week.
The issue arises from the library not verifying the SAML Response’s signature correctly. SAML, or Security Assertion Markup Language, is a protocol for single sign-on (SSO) and sharing authentication and authorization data between applications.
GitLab Patches Critical Authentication Bypass flaw
Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
“An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents, according to a security advisory. “This would allow the attacker to log in as arbitrary user within the vulnerable system.”
“The vulnerability also affects omniauth-saml, which has released its own update (version 2.2.1) to fix ruby-saml to version 1.17.” “The latest patch from GitLab is designed to update omniauth-saml to version 2.2.1 and ruby-saml to 1.17.0.”
GitLab is advising users to enable two-factor authentication (2FA) for all accounts and prevent the SAML two-factor bypass option.
“Successful exploitation attempts will trigger SAML related log events,” it said. “A successful exploitation attempt will log whatever extern_id value is set by the attacker attempting exploitation.”
“Unsuccessful exploitation attempts may generate a ValidationError from the RubySaml library. This could be for a variety of reasons related to the complexity of crafting a working exploit.”
“Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a serious bug affecting Apache HugeGraph-Server (CVE-2024-27348, CVSS score: 9.8), with evidence showing it is actively being exploited.”
