InfoSecBulletin Cybersecurity for mankind
GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) could let an attacker log in as any user in the affected system. It was fixed by the maintainers last week.
The issue arises from the library not verifying the SAML Response’s signature correctly. SAML, or Security Assertion Markup Language, is a protocol for single sign-on (SSO) and sharing authentication and authorization data between applications.
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
“An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents, according to a security advisory. “This would allow the attacker to log in as arbitrary user within the vulnerable system.”
“The vulnerability also affects omniauth-saml, which has released its own update (version 2.2.1) to fix ruby-saml to version 1.17.” “The latest patch from GitLab is designed to update omniauth-saml to version 2.2.1 and ruby-saml to 1.17.0.”
GitLab is advising users to enable two-factor authentication (2FA) for all accounts and prevent the SAML two-factor bypass option.
“Successful exploitation attempts will trigger SAML related log events,” it said. “A successful exploitation attempt will log whatever extern_id value is set by the attacker attempting exploitation.”
“Unsuccessful exploitation attempts may generate a ValidationError from the RubySaml library. This could be for a variety of reasons related to the complexity of crafting a working exploit.”
“Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a serious bug affecting Apache HugeGraph-Server (CVE-2024-27348, CVSS score: 9.8), with evidence showing it is actively being exploited.”
