Critical severityNVD Advisory· Published Sep 10, 2024· Updated Nov 11, 2024
The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
CVE-2024-45409
Description
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ruby-samlRubyGems | < 1.12.3 | 1.12.3 |
ruby-samlRubyGems | >= 1.13.0, < 1.17.0 | 1.17.0 |
Affected products
17- osv-coords16 versionspkg:apk/chainguard/gitlab-rails-ee-17.1pkg:apk/chainguard/gitlab-rails-ee-17.2pkg:apk/chainguard/gitlab-rails-ee-17.3pkg:apk/chainguard/gitlab-rails-ee-assets-17.2pkg:apk/chainguard/gitlab-rails-ee-assets-17.3pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.2pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.3pkg:apk/chainguard/gitlab-rails-ee-doc-17.2pkg:apk/chainguard/gitlab-rails-ee-doc-17.3pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.2pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.3pkg:apk/chainguard/gitlab-rails-ee-fips-17.1pkg:apk/chainguard/gitlab-rails-ee-fips-17.2pkg:apk/chainguard/gitlab-rails-ee-fips-17.3pkg:bitnami/gitlabpkg:gem/ruby-saml
< 17.1.8-r0+ 15 more
- (no CPE)range: < 17.1.8-r0
- (no CPE)range: < 17.2.6-r0
- (no CPE)range: < 17.3.3-r0
- (no CPE)range: < 17.2.6-r0
- (no CPE)range: < 17.3.3-r0
- (no CPE)range: < 17.2.6-r0
- (no CPE)range: < 17.3.3-r0
- (no CPE)range: < 17.2.6-r0
- (no CPE)range: < 17.3.3-r0
- (no CPE)range: < 17.2.6-r0
- (no CPE)range: < 17.3.3-r0
- (no CPE)range: < 17.1.8-r0
- (no CPE)range: < 17.2.6-r0
- (no CPE)range: < 17.3.3-r0
- (no CPE)range: < 16.11.10
- (no CPE)range: < 1.12.3
- Range: < 1.12.3
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-jw9c-mfg7-9rx2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-45409ghsaADVISORY
- github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeaeghsax_refsource_MISCWEB
- github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7ghsax_refsource_MISCWEB
- github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2ghsax_refsource_CONFIRMWEB
- github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2dddghsaWEB
- github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvqghsax_refsource_MISCWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/CVE-2024-45409.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2024-45409.ymlghsaWEB
News mentions
3- Top 10 web hacking techniques of 2024: nominations openPortSwigger Research · Jan 8, 2025
- GitLab Critical Patch Release: 16.10.10, 16.9.11, 16.8.10, 16.7.10, 16.6.10, 16.5.10, 16.4.7, 16.3.9, 16.2.11, 16.1.8, 16.0.10GitLab Security Releases · Sep 25, 2024
- GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10GitLab Security Releases · Sep 17, 2024