10

CVE-2024-45409

The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OneloginRuby-saml Version < 1.12.3
OneloginRuby-saml Version >= 1.13.0 < 1.17.0
OmniauthOmniauth Saml SwPlatformruby Version <= 1.10.3
OmniauthOmniauth Saml Version2.0.0 SwPlatformruby
OmniauthOmniauth Saml Version2.1.0 SwPlatformruby
GitlabGitLab Version < 16.11.10
GitlabGitLab Version >= 17.0.0 < 17.0.8
GitlabGitLab Version >= 17.1.0 < 17.1.8
GitlabGitLab Version >= 17.2.0 < 17.2.7
GitlabGitLab Version >= 17.3.0 < 17.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.68% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 10 3.9 5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
Patch
https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
Patch
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
Vendor Advisory
https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html
https://news.ycombinator.com/item?id=41586031
https://security.netapp.com/advisory/ntap-20240926-0008/
https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/