A severe SAML authentication vulnerability affected GitLab, which could allow an adversary to bypass SAML authentications for unrestricted access. GitLab patched this SAML auth flaw with the latest CE/EE releases.
GitLab SAML Auth Flaw Patched
According to its latest advisory, GitLab addressed a critical SAML auth bypass flaw affecting the self-managed installations.
GitLab uses the Security Assertion Markup Language (SAML) single sign-on (SSO) authentication protocol for validating secure and authorized access to GitLab instances. However, due to the vulnerability, it became possible for an adversary to evade the authentication checks and access GitLab instances without authorization.
The vulnerability, tracked as CVE-2024-45409, specifically affected the Ruby SAML library that implements client-side SAML authorization. Due to improper signature verification of the SAML response, the vulnerability allowed an attacker to forge SAML responses with arbitrary content. In turn, the attacker could access the target systems as an arbitrary user.
This vulnerability affected Ruby SAML versions 12.2 through 1.13.0, receiving a patch with versions 1.17.0 and 1.12.3, respectively. It received a critical severity rating with a CVSS score of 10.0, indicating the crucial nature of the flaw.
According to GitLab, this vulnerability only affected GitLab instances with SAML authentication enabled. The service released the vulnerability fix with GitLab Community Edition (CE) and Enterprise Edition (EE) versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10.
Although the service urges all users to patch their systems with the latest GitLab releases, it also shares mitigations. Hence, users may apply these mitigations accordingly where an immediate update isn’t possible. These steps include enabling two-factor authentication for all user accounts on GitLab instances and disabling the SAML two-factor bypass option.
The requirement for manual updates applies only to GitLab self-managed instances. The service confirmed automatic updates for GitLab Dedicated instances, requiring no further input from the users.
In May, GitLab also patched a serious XSS vulnerability, allowing account takeovers, alongside many other security vulnerabilities.
Let us know your thoughts in the comments.