GitLab critical authentication flaw patched in Community and Enterprise edition

A 10/10 vulnerability allowed access for unauthenticated persons.


DevOps platform GitLab patched a critical-severity flaw found in its Community Edition (CE) and Enterprise Edition (EE) solutions, which could grant malicious users access to restricted information.

The flaw, described as a “SAML authentication bypass”, is tracked as CVE-2024-45409 and carries the perfect severity score of 10/10. Security Assertion Markup Language (SAML) is a web-based authentication protocol facilitating, among other things, the single sign-on (SSO) feature.

It was discovered that the ruby-saml library wasn’t verifying the signature of the SAML Response properly, allowing threat actors to log in.

No evidence of abuse


“An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents,” GitHub explained in a security advisory. “This would allow the attacker to log in as arbitrary user within the vulnerable system.”
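The advisory's core point is that a signature found "somewhere" in a SAML document was being accepted as if it covered the assertion being consumed. As an added illustration (not code from GitLab or from ruby-saml), the Ruby script below runs a structural pre-check with the standard REXML parser: every signature must sit directly inside the Response or Assertion it references, the consumed assertion must actually be covered by a signature, and IDs must be unique. It does not do the cryptographic verification itself and is no substitute for upgrading; the two XML documents are constructed samples, not real IdP output.

```ruby
require 'rexml/document'

NS = { 'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
       'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
       'ds'    => 'http://www.w3.org/2000/09/xmldsig#' }.freeze
SIGNABLE = [[NS['samlp'], 'Response'], [NS['saml'], 'Assertion']].freeze

# Structural pre-check to run before cryptographic verification. Returns a list
# of problems (empty = sane): it makes sure the signature about to be verified
# is one over the Response/Assertion being trusted, not one found "anywhere".
def saml_signature_sanity(xml)
  doc = REXML::Document.new(xml)
  problems = []
  assertions = REXML::XPath.match(doc, '//saml:Assertion', NS)
  problems << "expected 1 Assertion, found #{assertions.size}" if assertions.size != 1
  # Each Signature must be a direct child of a Response or Assertion, and its
  # single Reference must point at that parent's own ID.
  REXML::XPath.match(doc, '//ds:Signature', NS).each do |sig|
    parent = sig.parent
    unless SIGNABLE.include?([parent.namespace, parent.name])
      problems << "Signature under unexpected element <#{parent.expanded_name}>"
      next
    end
    uris = REXML::XPath.match(sig, 'ds:SignedInfo/ds:Reference', NS).map { |r| r.attributes['URI'] }
    target = "##{parent.attributes['ID']}"
    problems << "Signature references #{uris.inspect}, expected [#{target.inspect}]" if uris != [target]
  end
  # The assertion must be covered by its own signature or by one over the whole Response.
  if assertions.size == 1 && REXML::XPath.match(assertions.first, 'ds:Signature', NS).empty? &&
     REXML::XPath.match(doc, '/samlp:Response/ds:Signature', NS).empty?
    problems << 'Assertion is not covered by any signature'
  end
  # Reference URIs resolve by ID, so a duplicated ID makes the signed target ambiguous.
  dups = REXML::XPath.match(doc, '//*[@ID]').map { |e| e.attributes['ID'] }.tally.select { |_, n| n > 1 }.keys
  problems << "duplicate ID attribute(s): #{dups.join(', ')}" unless dups.empty?
  problems
end

# Constructed samples, not real IdP output. GOOD signs the assertion in place; BAD
# carries a signature for some other assertion under <samlp:Extensions> while the
# assertion the service provider would actually consume is unsigned.
DECL = 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' \
       'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
SIG_A1 = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>'
GOOD = "<samlp:Response #{DECL} ID=\"_r1\"><saml:Assertion ID=\"_a1\">#{SIG_A1}" \
       '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>'
BAD  = "<samlp:Response #{DECL} ID=\"_r2\"><samlp:Extensions>#{SIG_A1}</samlp:Extensions>" \
       '<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>bob</saml:NameID></saml:Subject></saml:Assertion>' \
       '</samlp:Response>'
```

Calling `saml_signature_sanity(GOOD)` returns an empty list, while the BAD document is flagged twice: a signature under an unexpected element, and an assertion not covered by any signature.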

Those worried about compromise should make sure their Community Edition and Enterprise Edition solutions are upgraded to versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10. Those unable to apply the patch right now should enable two-factor authentication (2FA) for all accounts, and disallow the SAML two-factor bypass option.

While GitHub did not explicitly state whether the vulnerability had been abused in the wild yet, its wording in the security advisory is somewhat telling. In the document, the maintainers shared details on spotting both successful and unsuccessful exploitation attempts, suggesting at least that the crooks might be trying their luck already.

GitLab is a web-based DevOps platform that provides tools for version control, continuous integration/continuous delivery (CI/CD), and software development lifecycle management. It helps teams collaborate on code, automate testing, and streamline deployment processes and has tens of millions of active users. As such, it is a high-profile target for all sorts of cybercriminals.


Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
