Thu Sep 19 13:27:00 UTC 2024: ## GitLab Patches Critical Vulnerability Allowing Unauthenticated Access

**Sarajevo, Bosnia and Herzegovina** – GitLab, the popular DevOps platform, has patched a critical vulnerability (CVE-2024-45409) that could have allowed an unauthenticated attacker to access restricted information. The flaw, a SAML authentication bypass, carries the maximum CVSS score of 10.0.

The vulnerability stems from a flaw in the ruby-saml library, which GitLab's SAML single sign-on uses through omniauth-saml: affected versions did not properly verify the signature on a SAML Response. An attacker who can obtain any SAML document signed by the identity provider could forge a SAML Response or Assertion with arbitrary contents and log in as any user on a vulnerable instance, with no credentials required.
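To make the bug class concrete, here is an added Ruby illustration written for this page (it is not ruby-saml's code and does not reproduce the exact steps of CVE-2024-45409). It contrasts a verifier that validates a signature found anywhere in the document and then reads the subject from a separately located assertion with a hardened verifier that only trusts the element whose signature it actually checked. It uses a toy XML-DSig: the digest is SHA-256 over the assertion's REXML serialization with its Signature child removed, and an RSA-SHA256 signature covers that digest; real XML-DSig canonicalizes the XML and signs a SignedInfo element, which REXML cannot do without extra gems. The key, element names, IDs and subjects are all constructed for the example.

```ruby
require "rexml/document"
require "openssl"

# Added illustration of the signature-wrapping class of "SAML authentication bypass".
# Not ruby-saml's code. Toy XML-DSig (see lead-in): digest = SHA-256 over the assertion
# serialized without its <Signature> child; RSA-SHA256 signature over that digest.

IDP_KEY = OpenSSL::PKey::RSA.new(2048)   # constructed key standing in for the IdP's key

def sha256(data)
  OpenSSL::Digest.digest("SHA256", data)
end

# Digest of the assertion as it looked before a Signature was enveloped in it.
def assertion_digest(assertion)
  copy = assertion.deep_clone
  copy.delete_element("Signature")     # no-op when there is no Signature yet
  sha256(copy.to_s)
end

# Envelope a Signature child into the assertion, referencing it by ID.
def sign_assertion!(assertion, key)
  digest = assertion_digest(assertion)
  sig = assertion.add_element("Signature")
  sig.add_element("Reference", "URI" => "##{assertion.attributes['ID']}")
  sig.add_element("DigestValue").text = [digest].pack("m0")
  sig.add_element("SignatureValue").text =
    [key.sign(OpenSSL::Digest.new("SHA256"), digest)].pack("m0")
  assertion
end

# True only if `signature` is bound to `assertion`: URI, digest and RSA signature all match.
def signature_valid?(assertion, signature, pubkey)
  ref = signature.elements["Reference"]
  return false unless ref && ref.attributes["URI"] == "##{assertion.attributes['ID']}"
  digest = signature.elements["DigestValue"].text.unpack1("m0")
  return false unless digest == assertion_digest(assertion)
  sig = signature.elements["SignatureValue"].text.unpack1("m0")
  pubkey.verify(OpenSSL::Digest.new("SHA256"), sig, digest)
end

# VULNERABLE: a document-wide XPath picks up *any* Signature, the check passes against the
# element that signature references, but the subject is then read from the first Assertion.
def vulnerable_subject(response_xml, pubkey)
  doc = REXML::Document.new(response_xml)
  sig = REXML::XPath.first(doc, "//Signature")
  ref = sig && sig.elements["Reference"]
  return nil unless ref
  id = ref.attributes["URI"].to_s.delete_prefix("#")
  signed = REXML::XPath.first(doc, "//Assertion[@ID='#{id}']")
  return nil unless signed && signature_valid?(signed, sig, pubkey)
  REXML::XPath.first(doc, "//Assertion/Subject").text   # not necessarily `signed`!
end

# HARDENED: exactly one Assertion in the whole document, its Signature must be its own
# child, and the subject is read from the very element whose signature was verified.
def hardened_subject(response_xml, pubkey)
  doc = REXML::Document.new(response_xml)
  assertions = REXML::XPath.match(doc, "/Response/Assertion")
  return nil unless assertions.size == 1 && REXML::XPath.match(doc, "//Assertion").size == 1
  assertion = assertions.first
  sig = assertion.elements["Signature"]
  return nil unless sig && signature_valid?(assertion, sig, pubkey)
  assertion.elements["Subject"].text
end

# Constructed IdP response carrying one signed assertion.
def build_response(subject, id, key)
  doc = REXML::Document.new("<Response/>")
  assertion = doc.root.add_element("Assertion", "ID" => id)
  assertion.add_element("Subject").text = subject
  sign_assertion!(assertion, key)
  doc.to_s
end

# An attacker holding any IdP-signed response prepends an unsigned assertion of their choosing.
def wrap_forged_assertion(legit_xml, subject)
  forged = "<Assertion ID='forged'><Subject>#{subject}</Subject></Assertion>"
  legit_xml.sub("<Response>", "<Response>#{forged}")
end

if __FILE__ == $0
  pub = IDP_KEY.public_key
  legit = build_response("alice", "a1", IDP_KEY)
  attack = wrap_forged_assertion(legit, "admin")
  puts "vulnerable, legit : #{vulnerable_subject(legit, pub).inspect}"
  puts "vulnerable, attack: #{vulnerable_subject(attack, pub).inspect}"
  puts "hardened,   attack: #{hardened_subject(attack, pub).inspect}"
end
```

The signature check itself is identical in both verifiers; the difference is scope. The hardened version locates the signature relative to the element it is about to trust, refuses documents carrying more than one assertion, and never consumes an element other than the one it verified, which is the property a signature-wrapping forgery relies on being absent.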

GitLab advises self-managed users to update Community Edition and Enterprise Edition to 17.3.3, 17.2.7, 17.1.8, 17.0.8 or 16.11.10; only instances with SAML authentication enabled are exposed. GitLab has not confirmed exploitation in the wild, but its advisory includes guidance for spotting exploitation attempts in instance logs, so administrators should review those logs after patching rather than assume they were not targeted.

As a precaution for instances that cannot patch immediately, GitLab recommends enabling GitLab's own two-factor authentication (2FA) for all user accounts and not allowing the SAML two-factor bypass option (`allow_bypass_two_factor` in the SAML provider settings). A forged assertion only satisfies the first factor; if SAML logins are allowed to skip 2FA, that second check never happens. 2FA enforced at the identity provider does not help here, because the attacker never talks to the identity provider.

This vulnerability highlights the importance of keeping software updated and implementing strong security measures. With millions of active users, GitLab is a high-profile target for cybercriminals, making it crucial to address security vulnerabilities promptly.
