exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

CVE-2024-45409

Ruby-SAML / GitLab Authentication Bypass

Posted Oct 7, 2024

Authored by Synacktiv | Site github.com

This script exploits the issue noted in CVE-2024-45409 that allows an unauthenticated attacker with access to any signed SAML document issued by the IDP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below or equal to 12.2 and versions 1.13.0 through 1.16.0 do not properly verify the signature of the SAML Response.

tags | exploit, ruby

advisories | CVE-2024-45409

SHA-256 | d08713f2b53b8375bee1c935a8aa40df427334d91a9660f64086fe0c225c0c55

Download | Favorite | View

Debian Security Advisory 5774-1

Posted Sep 23, 2024

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.

tags | advisory, ruby

systems | linux, debian

advisories | CVE-2024-45409

SHA-256 | 240177159ce0b76270aa0280d1ee5b1c3ee1ab29b2d1a466aa814c291e161d28

Download | Favorite | View