GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

September 19, 2024 at 01:36AM

GitLab has released patches for a critical flaw in both its Community and Enterprise Editions. The flaw is rooted in the ruby-saml library and allows an authentication bypass, undermining single sign-on security. GitLab has updated the affected dependencies and urges self-managed installations to enable two-factor authentication as a mitigation. Threat indicators suggest active exploitation attempts.

Key points from the meeting notes:

– GitLab released patches to fix a critical flaw affecting both Community Edition (CE) and Enterprise Edition (EE) related to an authentication bypass vulnerability in the ruby-saml library.
– The flaw allows an attacker to log in as any user within the vulnerable system, and it also impacts omniauth-saml.
– The latest patch updates the dependencies omniauth-saml to version 2.2.1 and ruby-saml to 1.17.0, and GitLab recommends enabling two-factor authentication and discontinuing the SAML two-factor bypass option as mitigations.
– While there is no mention of the flaw being exploited in the wild, GitLab has provided indicators of attempted or successful exploitation.
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a critical bug affecting Apache HugeGraph-Server.
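A quick way for a self-managed operator to confirm whether a checkout still pins the affected gems is to compare the `specs:` entries of its Gemfile.lock against the patched releases the article names (ruby-saml 1.17.0, omniauth-saml 2.2.1). The script below is an added example, not GitLab's own tooling; the lockfile fragment it scans is constructed for illustration.

```ruby
# Added example (not from the article or from GitLab): flag ruby-saml and
# omniauth-saml entries in a Gemfile.lock that are older than the patched
# versions named in the article.
require "rubygems"

# Minimum patched versions as stated in the article.
PATCHED = {
  "ruby-saml"     => Gem::Version.new("1.17.0"),
  "omniauth-saml" => Gem::Version.new("2.2.1"),
}.freeze

# Parse the pinned "specs:" entries of a Gemfile.lock into {name => Gem::Version}.
# Only the 4-space-indented lines ("    name (x.y.z)") carry resolved versions;
# the 6-space lines beneath them are dependency constraints and are skipped.
def parse_lockfile_specs(text)
  specs = {}
  text.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m && Gem::Version.correct?(m[2])
    specs[m[1]] = Gem::Version.new(m[2])
  end
  specs
end

# Return the affected gems that are present but below the patched version.
def vulnerable_saml_gems(lock_text)
  specs = parse_lockfile_specs(lock_text)
  PATCHED.each_with_object({}) do |(name, minimum), out|
    installed = specs[name]
    next if installed.nil? || installed >= minimum
    out[name] = { installed: installed.to_s, required: minimum.to_s }
  end
end

# Constructed sample lockfile fragment (not a real GitLab lockfile).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth (2.1.2)
        hashie (>= 3.4.6)
      omniauth-saml (2.1.0)
        omniauth (~> 2.1)
        ruby-saml (~> 1.12)
      ruby-saml (1.16.0)
        nokogiri (>= 1.13.10)
LOCK

if __FILE__ == $PROGRAM_NAME
  vulnerable_saml_gems(SAMPLE_LOCK).each do |name, v|
    puts "#{name} #{v[:installed]} is below patched #{v[:required]}"
  end
end
```

Run it against a real lockfile with `vulnerable_saml_gems(File.read("Gemfile.lock"))`; an empty result means both gems are at or above the patched releases.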
