CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-45409

CVSS 10.0v3.1pub. 2024-09-10upd. 2024-11-21

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

🤖 AI Analysis
How it works

The Ruby-SAML library does not properly verify the cryptographic signature of the SAML Response returned by the identity provider (IdP). An attacker with access to any SAML document signed by the IdP can use it as a basis to craft their own SAML response or assertion with arbitrary content — including any user identity. The forged document is accepted by the vulnerable system as valid because signature verification is ineffective.

Impact

An unauthenticated attacker can log in as any user in a system using the vulnerable library, including as an administrator, leading to full account takeover and unauthorized access to protected resources.

Mitigation & patch

Ruby-SAML should be updated to version 1.17.0 or 1.12.3, in which the vulnerability has been fixed. Users of the omniauth-saml library should update the Ruby-SAML dependency to a secure version according to recommendations published in the vendor's repository.

Who is affected

Ruby-SAML in versions <= 1.12.2 and >= 1.13.0 and <= 1.16.0; omniauth-saml library using vulnerable versions of Ruby-SAML

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • GitLab

    APP
    Gitlab
    17.3.0 – 17.3.3 (bez)< 16.11.1017.0.0 – 17.0.8 (bez)17.1.0 – 17.1.8 (bez)17.2.0 – 17.2.7 (bez)
  • Omniauth Saml

    APP
    Omniauth
    2.0.02.1.0≤ 1.10.3
  • Onelogin Ruby Saml

    APP
    Onelogin
    < 1.12.31.13.0 – 1.17.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-7028CRITICAL10.0⚠ KEVPL ✓ten sam produkt

GitLab: Przejęcie konta przez reset hasła na niezweryfikowany e-mail

CVE-2021-22205CRITICAL10.0⚠ KEVten sam produkt

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properl...

CVE-2025-66568CRITICAL9.3PL ✓ten sam produkt

Authentication bypass w ruby-saml poprzez atak Signature Wrapping

CVE-2025-66567CRITICAL9.3PL ✓ten sam produkt

Auth Bypass w ruby-saml przez atak Signature Wrapping (CVE-2025-66567)

CVE-2025-25292CRITICAL9.3PL ✓ten sam produkt

Pominięcie uwierzytelnienia SAML SSO przez atak Signature Wrapping w ruby-saml