Analysis from the Intruder Security Team
Published Oct 7, 2024 Updated Oct 7, 2024
CVE-2024-45409
Attackers could leverage this vulnerability against a GitLab instance to push compromised builds or malicious updates to end users, causing widespread impact across the organization's supply chain.
The Ruby-SAML library used in GitLab versions <= 12.2 and 1.13.0 to 1.16.0 fails to properly verify SAML signatures. This vulnerability (CVE-2024-45409) allows a remote unauthenticated attacker to forge SAML responses, enabling unauthorized access to arbitrary gitlab accounts.
A patch and mitigations to prevent exploitation are available here
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF41BEEE-FC5B-4728-B9BE-0B58C04F547E",
"versionEndExcluding": "1.12.3"
},
{
"criteria": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADBA67BE-BC31-48C0-A36F-9431814178C0",
"versionEndExcluding": "1.17.0",
"versionStartIncluding": "1.13.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "6D978907-97A8-4EF4-BF81-FE8702C24745",
"versionEndIncluding": "1.10.3"
},
{
"criteria": "cpe:2.3:a:omniauth:omniauth_saml:2.0.0:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "527AEDE3-F8EB-4C38-AF51-3B679AC4E336"
},
{
"criteria": "cpe:2.3:a:omniauth:omniauth_saml:2.1.0:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "3F307538-4D4D-4DD1-A9A0-F4D06E20163E"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7000556E-4EBB-4B99-84B1-A2EEA709311C",
"versionEndExcluding": "16.11.10"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B47FDB0-B642-4E50-B0B6-1D71545FE917",
"versionEndExcluding": "17.0.8",
"versionStartIncluding": "17.0.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86B327A7-22C7-488F-ABA6-3AC90EF07D04",
"versionEndExcluding": "17.1.8",
"versionStartIncluding": "17.1.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E831CA83-DDA9-4F47-BCF8-2CBB7E74C9DC",
"versionEndExcluding": "17.2.7",
"versionStartIncluding": "17.2.0"
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60003658-012F-4DB8-9D8F-8E48C14CA0C4",
"versionEndExcluding": "17.3.3",
"versionStartIncluding": "17.3.0"
}
],
"operator": "OR"
}
]
}
]