Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1qdzljLW1mZzctOXJ4Ms4AA_cX

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.

This vulnerability was reported by ahacker1 of SecureSAML ([email protected])

Permalink: https://github.com/advisories/GHSA-jw9c-mfg7-9rx2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdzljLW1mZzctOXJ4Ms4AA_cX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 4 months ago
Updated: 4 months ago

CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS Percentage: 0.17715
EPSS Percentile: 0.96123

Identifiers: GHSA-jw9c-mfg7-9rx2, CVE-2024-45409
References:

• https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
• https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
• https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
• https://nvd.nist.gov/vuln/detail/CVE-2024-45409
• https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
• https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/CVE-2024-45409.yml
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2024-45409.yml
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml
• https://github.com/advisories/GHSA-jw9c-mfg7-9rx2

Repository: https://github.com/SAML-Toolkits/ruby-saml
Blast Radius: 33.6

Affected Packages