GitLab, the popular DevOps platform, has issued a critical security advisory urging organizations to immediately patch their self-managed GitLab instances to address a severe authentication bypass vulnerability.
The flaw tracked as CVE-2024-45409, could allow attackers to gain unauthorized access to GitLab accounts without proper authentication.
The vulnerability stems from an issue in the ruby-saml library used by GitLab for handling SAML-based authentication.
Specifically, the library fails to properly verify the signature of SAML responses, potentially allowing an attacker to forge a malicious response and bypass authentication controls.
With a maximum CVSS score of 10.0, this critical flaw affects all GitLab versions from 16.1 through 17.3 prior to the patched releases. GitLab has released security updates addressing the vulnerability in versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10.
Meet the CISOs, Join the Virtual Panel to Learn compliance – Join Free
“We strongly recommend that all installations running an affected version are upgraded to the latest version as soon as possible,” GitLab stated in their advisory.
The company emphasized that the vulnerability only impacts self-managed GitLab instances with SAML-based authentication enabled.
For organizations unable to immediately update, GitLab recommends two key mitigations:
- Enable two-factor authentication for all user accounts on the GitLab instance
- Disable the SAML two-factor bypass option
Security researchers warn that this flaw could be exploited to gain initial access to GitLab repositories, potentially leading to further compromise or data theft.
There are concerns that attackers may attempt to leverage the vulnerability for supply chain attacks on software developed using affected GitLab instances.
While GitLab has not explicitly confirmed active exploitation, they provided detailed guidance on detecting potential exploitation attempts in system logs.
This suggests the company is taking the threat seriously and anticipates possible attacks. The critical nature of this vulnerability underscores the importance of prompt patching and robust authentication practices.
Organizations using self-managed GitLab instances are strongly advised to review their configurations, apply the necessary updates, and implement the recommended mitigations to protect against potential attacks exploiting this authentication bypass flaw.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial