CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae	Patch
https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7	Patch
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2	Vendor Advisory
https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:onelogin:ruby-saml::::::::
	cpe:2.3:a:onelogin:ruby-saml::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:omniauth:omniauth_saml::::::ruby::*
	cpe:2.3:a:omniauth:omniauth_saml:2.0.0:::::ruby::
	cpe:2.3:a:omniauth:omniauth_saml:2.1.0:::::ruby::

Configuration 3 (hide)

OR	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::
	cpe:2.3:a:gitlab:gitlab::::::::

History

20 Sep 2024, 14:13

Type	Values Removed	Values Added
First Time		Onelogin ruby-saml Gitlab Omniauth omniauth Saml Onelogin Omniauth Gitlab gitlab
CPE		cpe:2.3:a:omniauth:omniauth_saml:2.0.0:::::ruby:: cpe:2.3:a:omniauth:omniauth_saml:2.1.0:::::ruby:: cpe:2.3:a:gitlab:gitlab:::::::: cpe:2.3:a:omniauth:omniauth_saml::::::ruby::* cpe:2.3:a:onelogin:ruby-saml::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~10.0~~	v2 : unknown v3 : 9.8
References	~~() https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae -~~	() https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae - Patch
References	~~() https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7 -~~	() https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7 - Patch
References	~~() https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 -~~	() https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 - Vendor Advisory
References	~~() https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq -~~	() https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq - Vendor Advisory

11 Sep 2024, 21:15

Type	Values Removed	Values Added
References		() https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq -

11 Sep 2024, 16:26

Type	Values Removed	Values Added
Summary		(es) La librería Ruby SAML sirve para implementar el lado del cliente de una autorización SAML. Ruby-SAML en <= 12.2 y 1.13.0 <= 1.16.0 no verifica correctamente la firma de la respuesta SAML. Un atacante no autenticado con acceso a cualquier documento SAML firmado (por el IdP) puede falsificar una respuesta/afirmación SAML con contenido arbitrario. Esto le permitiría al atacante iniciar sesión como un usuario arbitrario dentro del sistema vulnerable. Esta vulnerabilidad se solucionó en 1.17.0 y 1.12.3.

10 Sep 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 19:15

Updated : 2024-09-20 14:13

NVD link : CVE-2024-45409

Mitre link : CVE-2024-45409

CVE.ORG link : CVE-2024-45409

JSON object : View

Products Affected

gitlab

gitlab

omniauth

omniauth_saml

onelogin

ruby-saml

CWE

CWE-347

Improper Verification of Cryptographic Signature

9.8 /10