logo

Database

Insufficient data authenticity validation In ruby-saml

Description

SAML authentication bypass via Incorrect XPath selector Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.

This vulnerability was reported by ahacker1 of SecureSAML ([email protected])

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-454092. NVD-2024-454093. OSV-DEBIAN-2024-454094. OSV-2024-454095. GHSA-jw9c-mfg7-9rx26. GHSA-cvp8-5r8g-fhvq7. GCVE-2024-454098. SECURITY-TRACKER-CVE-2024-45409

References

1. https://vulncheck.com/cve/CVE-2024-454092. https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-45409.yaml3. https://github.com/synacktiv/CVE-2024-454094. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx25. https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq6. https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae7. https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae78. https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd9. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/CVE-2024-45409.yml10. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml11. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2024-45409.yml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.