Vulnerability Description
The Ruby SAML library implements the client (Service Provider) side of a SAML authorization/authentication flow. Ruby-SAML versions <= 1.12.2, and 1.13.0 through 1.16.0, do not properly verify the signature of the SAML Response. An unauthenticated attacker who holds any document signed by the IdP (such as a SAML Response legitimately issued for a different account) can therefore forge a SAML Response/Assertion with arbitrary contents, and so log in as any user of the vulnerable system. The flaw is fixed in 1.17.0 and 1.12.3.
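The failure class behind this advisory is XML signature wrapping (the ssoready write-up in the references is titled after it): the verifier resolves and checks the signed element by one lookup, while the code that reads the user identity picks an element by a different lookup, so an attacker can leave the IdP-signed assertion in the document untouched and put a forged assertion where the Service Provider actually reads. The Ruby script below is an added illustration, not code from ruby-saml, omniauth-saml or GitLab, and ruby-saml's actual code path differs in its details. To stay runnable with only the standard library it stands in for XML-DSig with a simplified scheme (REXML serialization instead of C14N, SHA-256 digest of the referenced element, RSA/SHA-256 over SignedInfo); the element names, the `Extensions` wrapper, the generated IdP key and the sample Response are all constructed assumptions. It shows a vulnerable SP accepting the wrapped document as `admin`, and a hardened SP that consumes only the node the signature was verified against.

```ruby
require 'openssl'
require 'rexml/document'

# Added illustration (not ruby-saml code). XML-DSig is stood in for by a
# deliberately simplified scheme: canonical form of an element = its REXML
# serialization (real XML-DSig uses C14N), DigestValue = SHA-256 of the referenced
# element's canonical form, SignatureValue = RSA/SHA-256 over <SignedInfo>.
# Element names are SAML-like assumptions with namespaces omitted.

IDP_KEY = OpenSSL::PKey::RSA.generate(2048)   # constructed IdP signing key

def canon(element); element.to_s; end
def b64(bytes); [bytes].pack("m0"); end
def sha256_b64(str); b64(OpenSSL::Digest::SHA256.digest(str)); end

# IdP: sign the Assertion inside the Response and append a Signature element.
def idp_sign(response_xml)
  doc = REXML::Document.new(response_xml)
  assertion = REXML::XPath.first(doc, "/Response/Assertion")
  signed_info = REXML::Document.new(
    "<SignedInfo><Reference URI='##{assertion.attributes['ID']}'>" \
    "<DigestValue>#{sha256_b64(canon(assertion))}</DigestValue></Reference></SignedInfo>"
  ).root
  sig_value = b64(IDP_KEY.sign(OpenSSL::Digest::SHA256.new, canon(signed_info)))
  sig_xml = "<Signature>#{canon(signed_info)}<SignatureValue>#{sig_value}</SignatureValue></Signature>"
  doc.root.add_element(REXML::Document.new(sig_xml).root)
  doc.to_s
end

# Attacker: keep the IdP-signed Assertion and the Signature byte-for-byte so the
# digest and RSA checks still pass, move the signed Assertion under a wrapper
# element, and put a forged Assertion where the SP reads the Subject from.
def attacker_wrap(signed_xml, victim_user)
  doc = REXML::Document.new(signed_xml)
  original  = REXML::XPath.first(doc, "/Response/Assertion")
  signature = REXML::XPath.first(doc, "/Response/Signature")
  "<Response><Assertion ID='forged'><Subject>#{victim_user}</Subject></Assertion>" \
  "<Extensions>#{canon(original)}</Extensions>#{canon(signature)}</Response>"
end

# SP: resolve the Reference by ID, check its digest, check the RSA signature over
# SignedInfo. Returns the element the signature actually covers, or nil.
def verify_signature(doc, public_key)
  sig = REXML::XPath.first(doc, "//Signature")
  signed_info = sig && REXML::XPath.first(sig, "SignedInfo")
  reference = signed_info && REXML::XPath.first(signed_info, "Reference")
  return nil unless reference
  id = reference.attributes["URI"].to_s.delete_prefix("#")
  return nil unless id.match?(/\A[\w.-]+\z/)   # never interpolate raw attacker data into XPath
  referenced = REXML::XPath.first(doc, "//*[@ID='#{id}']")
  digest = REXML::XPath.first(reference, "DigestValue")&.text
  return nil unless referenced && digest && sha256_b64(canon(referenced)) == digest
  sig_text = REXML::XPath.first(sig, "SignatureValue")&.text
  sig_value = sig_text.to_s.unpack1("m0")
  public_key.verify(OpenSSL::Digest::SHA256.new, sig_value, canon(signed_info)) ? referenced : nil
rescue OpenSSL::PKey::PKeyError, ArgumentError
  nil
end

# Vulnerable SP: "is there a valid signature somewhere in this document?" is
# answered yes, then the Subject is read from the first Assertion under Response,
# whichever element that happens to be.
def sp_login_vulnerable(xml, public_key)
  doc = REXML::Document.new(xml)
  return nil unless verify_signature(doc, public_key)
  REXML::XPath.first(doc, "/Response/Assertion/Subject")&.text
end

# Hardened SP: consume only the node the signature was verified against, and
# refuse documents where that node's ID is not unique (so the Reference cannot
# be steered to a decoy).
def sp_login_fixed(xml, public_key)
  doc = REXML::Document.new(xml)
  verified = verify_signature(doc, public_key)
  return nil unless verified
  assertion = REXML::XPath.first(doc, "/Response/Assertion")
  return nil unless assertion.equal?(verified)
  return nil unless REXML::XPath.match(doc, "//*[@ID='#{verified.attributes['ID']}']").size == 1
  REXML::XPath.first(assertion, "Subject")&.text
end

# Constructed sample: the Response the IdP issued for the attacker's own account.
LEGIT_RESPONSE = "<Response><Assertion ID='a1'><Subject>alice</Subject></Assertion></Response>"

def demo
  signed = idp_sign(LEGIT_RESPONSE)
  forged = attacker_wrap(signed, "admin")
  pub = IDP_KEY.public_key
  { legit_vulnerable:  sp_login_vulnerable(signed, pub),   # "alice"
    forged_vulnerable: sp_login_vulnerable(forged, pub),   # "admin": accepted
    legit_fixed:       sp_login_fixed(signed, pub),        # "alice"
    forged_fixed:      sp_login_fixed(forged, pub) }       # nil: rejected
end

p demo if __FILE__ == $PROGRAM_NAME
```

The design point is that `verify_signature` returns the element it verified rather than a bare boolean, so the consumer can compare object identity instead of re-querying the document. Any fix that still answers "was something valid signed?" and then reads the assertion through a second, independent lookup remains wrappable.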
CVSS Score
10.0 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Onelogin | Ruby-Saml | < 1.12.3; 1.13.0 through 1.16.0 (fixed in 1.17.0) |
| Omniauth | Omniauth Saml | <= 1.10.3 |
| Gitlab | Gitlab | < 16.11.10 |
Related Weaknesses (CWE)
- CWE-347: Improper Verification of Cryptographic Signature
References
- https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741 (Patch)
- https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654 (Patch)
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9r (Vendor Advisory)
- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhv (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html
- https://news.ycombinator.com/item?id=41586031
- https://security.netapp.com/advisory/ntap-20240926-0008/
- https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-
FAQ
What is CVE-2024-45409?
CVE-2024-45409 is a signature verification bypass in the Ruby SAML library, rated CVSS 10.0 (CRITICAL). Affected versions do not properly verify the signature of the SAML Response, so an unauthenticated attacker holding any IdP-signed SAML document can forge a Response/Assertion and log in as an arbitrary user. See the Vulnerability Description above for the affected version ranges.
How severe is CVE-2024-45409?
CVE-2024-45409 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-45409?
Yes. Ruby-SAML 1.12.3 and 1.17.0 contain the fix; omniauth-saml and GitLab shipped updated releases, with the affected ranges listed in the Affected Products table above. The vendor advisories and patch commits are linked in the References section.