September 18, 2024 at 02:43PM
GitLab has released security updates for a critical SAML authentication bypass vulnerability affecting self-managed installations of GitLab CE and EE. The flaw stems from a problem in the OmniAuth-SAML and Ruby-SAML libraries and allows attackers to gain unauthorized access. GitLab strongly recommends upgrading immediately and suggests enabling two-factor authentication as a temporary mitigation. The bulletin lists signs of exploitation, and BleepingComputer is awaiting GitLab's response on whether the flaw is being actively exploited.
Based on the report, here are the key takeaways:
– GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of GitLab Community Edition (CE) and Enterprise Edition (EE).
– The vulnerability (CVE-2024-45409) arises from an issue in the OmniAuth-SAML and Ruby-SAML libraries used by GitLab for SAML-based authentication.
– The vulnerability allows attackers to trick GitLab into recognizing them as authenticated users, bypassing SAML authentication, and gaining access to the GitLab instance.
– The vulnerability impacts specific versions of GitLab and is addressed in later versions where OmniAuth SAML has been upgraded to version 2.2.1 and Ruby-SAML to 1.17.0.
– GitLab strongly recommends upgrading affected installations to the latest version, and for those unable to do so immediately, enabling two-factor authentication (2FA) and setting the SAML 2FA bypass option to “do not allow.”
– Signs of attempted or successful exploitation were provided in the bulletin, with warnings that malicious actors might already be leveraging the flaw in attacks.
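As an added example (not code from GitLab or the bulletin), the following Ruby script reads a Bundler Gemfile.lock and checks the pinned omniauth-saml and ruby-saml versions against the fixed releases named above (2.2.1 and 1.17.0). The lockfile fragment is constructed for illustration, and the lockfile path on a real installation is an assumption the reader must supply.

```ruby
# Added example: flag omniauth-saml / ruby-saml pins below the fixed releases.
require "rubygems" # provides Gem::Version for proper semantic comparison

# Fixed versions as stated in the GitLab bulletin for CVE-2024-45409.
FIXED_VERSIONS = {
  "omniauth-saml" => Gem::Version.new("2.2.1"),
  "ruby-saml"     => Gem::Version.new("1.17.0"),
}.freeze

# Parse the "specs:" section of a Gemfile.lock. Top-level spec lines are
# indented exactly four spaces ("    name (version)"); their dependencies
# are indented further and are deliberately skipped.
def parse_lockfile(text)
  versions = {}
  text.each_line do |line|
    m = line.match(/\A {4}([\w\-\.]+) \(([^)\s]+)\)\s*\z/)
    versions[m[1]] = Gem::Version.new(m[2]) if m
  end
  versions
end

# Returns { gem => { installed:, fixed:, vulnerable: } } for each advisory gem.
# vulnerable is nil when the gem is not pinned in the lockfile at all.
def assess(lock_text)
  installed = parse_lockfile(lock_text)
  FIXED_VERSIONS.to_h do |name, fixed|
    current = installed[name]
    [name, { installed: current&.to_s, fixed: fixed.to_s,
             vulnerable: current ? current < fixed : nil }]
  end
end

# Constructed sample lockfile fragment (not taken from a real GitLab instance).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.1.0)
        omniauth (~> 2.0)
        ruby-saml (~> 1.12)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
LOCK

if $PROGRAM_NAME == __FILE__
  lock = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK # real path is an assumption
  assess(lock).each do |name, r|
    status = r[:vulnerable].nil? ? "not found" : (r[:vulnerable] ? "VULNERABLE" : "ok")
    puts "#{name}: installed #{r[:installed] || '-'} (fixed in #{r[:fixed]}) -> #{status}"
  end
end
```

The library check is a supplement: the authoritative test remains the GitLab version itself, since the patched GitLab releases are what bundle the fixed gems.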
It’s important to monitor the situation and await GitLab’s response regarding active exploitation of the vulnerability.