Cybersecurity Threat Advisory: Critical GitLab SAML vulnerability

A vulnerability identified as CVE-2024-45409 has been found in GitLab’s Ruby-SAML library. This flaw stems from the improper validation of Security Assertion Markup Language (SAML) responses. Continue reading this Cybersecurity Threat Advisory to secure your environment.

What is the threat?

CVE-2024-45409 has a CVSS score of 10.0 and affects GitLab’s Community Edition and Enterprise Edition. It allows an attacker to potentially have unauthorized access to sensitive source code on GitLab instances. This works by allowing unauthenticated attackers the ability to forge a SAML response and therefore it allows them to gain access to GitLab by impersonating users thereby bypassing authentication walls.

Why is it noteworthy?

If attackers can bypass authentication checks on GitLab, an attacker has free reign to impact services and codes. This will also give them an opportunity for lateral movement. GitLab’s SAML authentication is used specifically for enterprise environments utilizing single sign-on (SSO). If attackers pass authentication, property theft can occur and also further attacks on CI/CD.

What is the exposure or risk?

The following library versions are affected:

• 1.13.0 to 1.16.0
• Versions up to 12.2

GitLab has released patches to address this vulnerability. If unchecked, CVE-2024-45409 can allow data breaches and unauthorized code changes.

What are the recommendations?

Barracuda MSP recommends the following actions to keep your environment secure against this vulnerability:

• Enable two-factor authentication.
• Update all GitLab installations to the most recent version.

References

For more in-depth information about the recommendations, please visit the following links:

• https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html
• https://vulert.com/vuln-db/CVE-2024-45409

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.