CVE-2024-45409

Description

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

CVSS v3.1 Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Weakness Type (CWE)

CWE-347 CWE-347

Affected Products

Vendor	Product	Versions
onelogin	ruby-saml	< 1.12.3
onelogin	ruby-saml	1.13.0 — 1.17.0
omniauth	omniauth_saml	< 1.10.3
omniauth	omniauth_saml	All
omniauth	omniauth_saml	All
gitlab	gitlab	< 16.11.10
gitlab	gitlab	17.0.0 — 17.0.8
gitlab	gitlab	17.1.0 — 17.1.8
gitlab	gitlab	17.2.0 — 17.2.7
gitlab	gitlab	17.3.0 — 17.3.3

References

Advisories & Patches

https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7 https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq

Other References

https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html https://news.ycombinator.com/item?id=41586031 https://security.netapp.com/advisory/ntap-20240926-0008/ https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/

Frequently Asked Questions

What is CVE-2024-45409? +

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3. It has a CVSS v3.1 base score of 10.0 (CRITICAL).

How severe is CVE-2024-45409? +

CVE-2024-45409 has a CVSS v3.1 score of 10.0 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2024-45409? +

CVE-2024-45409 affects products from gitlab, omniauth, onelogin, specifically: gitlab, omniauth_saml, ruby-saml. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-45409? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-24800

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed …

CVE-2025-27498

aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is …

CVE-2024-11957

Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal or less than 12.1.0.18276 on …

CVE-2025-29774

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability …

CVE-2025-29775