CVE-2024-45409

Sept. 20, 2024, 2:13 p.m.

9.8
Critical

Description

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

Product(s) Impacted

Vendor Product Versions
Onelogin
  • Ruby-saml
  • *
Omniauth
  • Omniauth Saml
  • *, 2.0.0, 2.1.0
Gitlab
  • Gitlab
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-347
Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a onelogin ruby-saml / / / / / / / /
a onelogin ruby-saml / / / / / / / /
a omniauth omniauth_saml / / / / / ruby / /
a omniauth omniauth_saml 2.0.0 / / / / ruby / /
a omniauth omniauth_saml 2.1.0 / / / / ruby / /
a gitlab gitlab / / / / / / / /
a gitlab gitlab / / / / / / / /
a gitlab gitlab / / / / / / / /
a gitlab gitlab / / / / / / / /
a gitlab gitlab / / / / / / / /

References

https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq

Tags

security-advisories@github.com
CWE-347
2024-09-10
CVE-2024-45409

CVSS Score

9.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Sept. 10, 2024, 7:15 p.m.
Last Modified: Sept. 20, 2024, 2:13 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.