CVE-2024-45409

The Ruby SAML library (ruby-saml) implements the client (service provider) side of SAML authentication. ruby-saml versions <= 1.12.2, and 1.13.0 through 1.16.0, do not properly verify the signature of the SAML Response: the element whose XML Signature is verified is not tied to the element from which the assertion data is read, an XML Signature Wrapping weakness (see the ssoready write-up in the references). An unauthenticated attacker who holds any document signed by the IdP can therefore wrap that signed material around a forged SAML Response/Assertion with arbitrary contents, and the service provider accepts it. This allows the attacker to log in as an arbitrary user of the vulnerable system. Fixed in ruby-saml 1.17.0 and 1.12.3; omniauth-saml (which wraps ruby-saml) and GitLab published their own advisories and fixed versions (see Configurations and References).
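The check that separates the vulnerable and fixed behaviour is small: does the code read identity from the same element whose signature it verified, and does it refuse extra assertions? The following is an added illustration, not ruby-saml's own code or the patched implementation. It assumes a toy "signature" (an HMAC over the SHA-256 digest of an element's serialized text, no canonicalization) standing in for XML-DSig, constructed sample assertions, and only REXML and OpenSSL from the standard Ruby distribution. The vulnerable function verifies the element the Reference points to but reads the NameID from the first Assertion a document-wide XPath finds; the hardened one resolves the Reference to exactly one Assertion, rejects any other Assertion, and reads only from the verified element.

```ruby
require 'rexml/document'
require 'openssl'

# Real SAML 2.0 / XML-DSig namespace URIs used by the constructed sample.
NS = {
  'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
  'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
  'ds'    => 'http://www.w3.org/2000/09/xmldsig#',
}.freeze

# Assumption: toy stand-in for XML-DSig. The "IdP" signs one element by
# HMAC-ing the SHA-256 digest of its serialized text (no canonicalization,
# HMAC instead of RSA). Enough to show which element is verified and which
# element is trusted; not a real signature implementation.
IDP_KEY = 'constructed-idp-secret'.freeze

def sign_element(elem, key = IDP_KEY)
  OpenSSL::HMAC.hexdigest('SHA256', key, OpenSSL::Digest::SHA256.hexdigest(elem.to_s))
end

def signature_valid?(elem, sig, key = IDP_KEY)
  OpenSSL.secure_compare(sign_element(elem, key), sig)
end

# Constructed sample data: the IdP-signed assertion for "alice", and an
# attacker-written assertion for "admin" that nobody signed.
SIGNED_ASSERTION = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_orig">' \
                   '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>'
FORGED_ASSERTION = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_forged">' \
                   '<saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject></saml:Assertion>'
IDP_SIG = sign_element(REXML::Document.new(SIGNED_ASSERTION).root)

# Wraps the given assertion XML in a Response whose single Signature
# references ID "_orig" (the assertion the IdP actually signed).
def build_response(assertions_xml)
  <<~XML
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo><ds:Reference URI="#_orig"/></ds:SignedInfo>
        <ds:SignatureValue>#{IDP_SIG}</ds:SignatureValue>
      </ds:Signature>
      #{assertions_xml}
    </samlp:Response>
  XML
end

def reference_and_signature(doc)
  ref = REXML::XPath.first(doc, '//ds:SignedInfo/ds:Reference/@URI', NS).value.delete_prefix('#')
  sig = REXML::XPath.first(doc, '//ds:SignatureValue/text()', NS).value.strip
  [ref, sig]
end

# Vulnerable pattern (the shape of the bug): the signature is verified over the
# element the Reference points to, but the login identity is read from
# whichever Assertion the document-wide XPath finds first.
def vulnerable_name_id(xml)
  doc = REXML::Document.new(xml)
  ref, sig = reference_and_signature(doc)
  signed = REXML::XPath.first(doc, "//*[@ID='#{ref}']", NS)
  raise 'invalid signature' unless signed && signature_valid?(signed, sig)
  REXML::XPath.first(doc, '//saml:Assertion/saml:Subject/saml:NameID/text()', NS).value
end

# Hardened pattern: resolve the Reference to exactly one element, require it to
# be the Assertion, refuse any other Assertion in the document, and read the
# identity only from the element whose signature was verified.
def hardened_name_id(xml)
  doc = REXML::Document.new(xml)
  ref, sig = reference_and_signature(doc)
  raise 'bad reference id' unless ref.match?(/\A[A-Za-z_][\w.-]*\z/) # keeps ref out of XPath injection
  matches = REXML::XPath.match(doc, "//*[@ID='#{ref}']", NS)
  raise 'reference must resolve to exactly one element' unless matches.size == 1
  signed = matches.first
  raise 'signed element is not an Assertion' unless signed.name == 'Assertion' && signed.namespace == NS['saml']
  assertions = REXML::XPath.match(doc, '//saml:Assertion', NS)
  raise 'unsigned Assertion present' unless assertions.size == 1 && assertions.first.equal?(signed)
  raise 'invalid signature' unless signature_valid?(signed, sig)
  REXML::XPath.first(signed, 'saml:Subject/saml:NameID/text()', NS).value
end

# Runs a parser and turns a rejection into a string so both outcomes can be compared.
def attempt
  yield
rescue StandardError => e
  "rejected: #{e.message}"
end

def demo
  legit  = build_response(SIGNED_ASSERTION)
  forged = build_response(FORGED_ASSERTION + SIGNED_ASSERTION) # forged assertion placed first
  {
    vulnerable_legit:  attempt { vulnerable_name_id(legit) },   # "alice"
    vulnerable_forged: attempt { vulnerable_name_id(forged) },  # "admin": signature passed, wrong element trusted
    hardened_legit:    attempt { hardened_name_id(legit) },     # "alice"
    hardened_forged:   attempt { hardened_name_id(forged) },    # "rejected: unsigned Assertion present"
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The point to take from the output is that the forged document carries a perfectly valid signature: the vulnerable parser is not fooled about the signature, it is fooled about which element the signature covers. A real fix additionally has to pin the XPath used for signature verification and for data extraction to one resolved element, as the patch commits referenced below do in ruby-saml itself.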
Configurations

Version bounds are not carried on this page; each wildcard CPE below stands for one NVD version-range node.

Configuration 1 (OR)
  • cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:* (two range nodes, matching the two affected ranges in the description)

Configuration 2 (OR)
  • cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:* (one range node)
  • cpe:2.3:a:omniauth:omniauth_saml:2.0.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:omniauth:omniauth_saml:2.1.0:*:*:*:*:ruby:*:*

Configuration 3 (OR)
  • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (five range nodes)

History

Each entry lists the type of change, the values removed, and the values added.

21 Nov 2024, 09:37

CVSS: v2 unknown -> unknown; v3 9.8 -> 10.0
References added (no tags):
  • https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html
  • https://news.ycombinator.com/item?id=41586031
  • https://security.netapp.com/advisory/ntap-20240926-0008/
  • https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/

20 Sep 2024, 14:13

CPE added:
  • cpe:2.3:a:omniauth:omniauth_saml:2.0.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
  • cpe:2.3:a:omniauth:omniauth_saml:2.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*
First time seen: vendors Gitlab, Omniauth, Onelogin; products Gitlab gitlab, Omniauth omniauth_saml, Onelogin ruby-saml
CVSS: v2 unknown -> unknown; v3 10.0 -> 9.8
References retagged (untagged -> tagged):
  • https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae - Patch
  • https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7 - Patch
  • https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 - Vendor Advisory
  • https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq - Vendor Advisory

11 Sep 2024, 21:15

References added (no tags):
  • https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq

11 Sep 2024, 16:26

Summary added (es), Spanish translation of the description; in English it reads:
  • The Ruby SAML library serves to implement the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not correctly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed (by the IdP) can forge a SAML Response/Assertion with arbitrary content. This would allow the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability was fixed in 1.17.0 and 1.12.3.

10 Sep 2024, 19:15

New CVE

Information

Published : 2024-09-10 19:15

Updated : 2024-11-21 09:37

NVD link : CVE-2024-45409

Mitre link : CVE-2024-45409

CVE.ORG link : CVE-2024-45409

Products Affected

onelogin

  • ruby-saml

omniauth

  • omniauth_saml

gitlab

  • gitlab

CWE

CWE-347

Improper Verification of Cryptographic Signature