CVE-2024-45409 is a critical vulnerability in the Ruby-SAML library (affecting versions up to 12.2 and from 1.13.0 to 1.16.0) and in the OmniAuth SAML library. It therefore poses a security risk to unpatched versions of GitLab (read more on the GitLab blog). The vulnerability arises from improper verification of the SAML Response signature: an attacker with access to any signed SAML document can forge a SAML Response or Assertion with arbitrary contents, which allows them to log in as any user of the vulnerable system. The vulnerability has a CVSS score of 9.8, reflecting its critical severity.
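To illustrate the verification failure described above, the Ruby script below is an added example written for this page; it is not code from ruby-saml, OmniAuth or GitLab, and it does not reproduce the exact mechanism of CVE-2024-45409. It contrasts a loose Response verifier, which accepts a document as soon as any signature in it checks out and then reads the first Assertion it finds, with a hardened verifier that only trusts a NameID when the Assertion it is read from is the one element the signature covers. An HMAC over the element's serialized XML stands in for real XML-DSig (RSA plus canonicalization), and the key, element IDs and NameIDs are all constructed values.

```ruby
require 'rexml/document'
require 'openssl'

# Constructed key standing in for the IdP's signing key (assumption: an HMAC over the
# referenced element's serialized XML replaces real XML-DSig so the example needs only
# the Ruby standard library).
IDP_KEY = 'constructed-demo-key-not-a-real-secret'.freeze

NS = {
  'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
  'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
  'ds'    => 'http://www.w3.org/2000/09/xmldsig#'
}.freeze

# Constructed, unsigned Response carrying one Assertion (ID a1) for +name_id+.
def unsigned_response(name_id)
  %(<samlp:Response xmlns:samlp="#{NS['samlp']}" xmlns:saml="#{NS['saml']}" ) +
    %(xmlns:ds="#{NS['ds']}" ID="r1"><saml:Assertion ID="a1"><saml:Subject>) +
    %(<saml:NameID>#{name_id}</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>)
end

def digest_of(element)
  OpenSSL::HMAC.hexdigest('SHA256', IDP_KEY, element.to_s)
end

# "IdP side": sign the element whose ID is +ref_id+ by adding a Signature to the Response.
def sign_response(xml, ref_id)
  doc = REXML::Document.new(xml)
  target = REXML::XPath.first(doc, "//*[@ID='#{ref_id}']", NS)
  sig = doc.root.add_element('ds:Signature')
  ref = sig.add_element('ds:Reference', 'URI' => "##{ref_id}")
  ref.add_element('ds:DigestValue').text = digest_of(target)
  doc.to_s
end

# Negative test vector in the style of SAML library test suites: the signed Assertion a1 is
# left untouched and an unsigned Assertion a2 is placed ahead of it inside another element.
def wrapped_document(signed_xml)
  doc = REXML::Document.new(signed_xml)
  a1 = REXML::XPath.first(doc, '//saml:Assertion', NS)
  wrapper = REXML::Element.new('samlp:Extensions')
  fake = wrapper.add_element('saml:Assertion', 'ID' => 'a2')
  fake.add_element('saml:Subject').add_element('saml:NameID').text = 'admin'
  doc.root.insert_before(a1, wrapper)
  doc.to_s
end

# Constant-time comparison of two digest strings.
def same_digest?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def digest_value(sig)
  dv = REXML::XPath.first(sig, 'ds:Reference/ds:DigestValue', NS)
  dv ? dv.text.to_s : ''
end

# Loose verifier (the failure mode): accepts the document as soon as ANY signature in it
# validates, then reads the first Assertion it finds. Nothing ties the two together.
def loose_name_id(xml)
  doc = REXML::Document.new(xml)
  signed = REXML::XPath.match(doc, '//ds:Signature', NS).any? do |sig|
    ref = REXML::XPath.first(sig, 'ds:Reference', NS)
    next false unless ref
    target = REXML::XPath.first(doc, "//*[@ID='#{ref.attributes['URI'].to_s.delete_prefix('#')}']", NS)
    target && same_digest?(digest_of(target), digest_value(sig))
  end
  return nil unless signed
  REXML::XPath.first(doc, '//saml:Assertion/saml:Subject/saml:NameID', NS)&.text
end

# Hardened verifier: exactly one Signature directly under the Response, exactly one
# Assertion, a unique referenced ID, and the referenced element must be the very Assertion
# whose NameID is consumed. Anything else is rejected before any identity is read.
def strict_name_id(xml)
  doc = REXML::Document.new(xml)
  sigs = REXML::XPath.match(doc, '//ds:Signature', NS)
  assertions = REXML::XPath.match(doc, '//saml:Assertion', NS)
  return nil unless sigs.size == 1 && assertions.size == 1
  sig, assertion = sigs.first, assertions.first
  return nil unless sig.parent.equal?(doc.root)
  ref = REXML::XPath.first(sig, 'ds:Reference', NS)
  return nil unless ref
  ref_id = ref.attributes['URI'].to_s.delete_prefix('#')
  return nil if ref_id.empty? || assertion.attributes['ID'] != ref_id
  return nil unless REXML::XPath.match(doc, "//*[@ID='#{ref_id}']", NS).size == 1
  return nil unless same_digest?(digest_of(assertion), digest_value(sig))
  REXML::XPath.first(assertion, 'saml:Subject/saml:NameID', NS)&.text
end

if __FILE__ == $PROGRAM_NAME
  good = sign_response(unsigned_response('alice'), 'a1')
  bad  = wrapped_document(good)
  puts "loose:  #{loose_name_id(good).inspect} / #{loose_name_id(bad).inspect}"
  puts "strict: #{strict_name_id(good).inspect} / #{strict_name_id(bad).inspect}"
end
```

Run stand-alone, the loose verifier returns `alice` for the properly signed Response and `admin` for the negative vector, because the signature it validated covers an element it never reads from; the strict verifier returns `alice` for the first and rejects the second. The fix for the actual libraries is to upgrade to a patched Ruby-SAML/OmniAuth SAML release; the hardened function shows the checks a service provider's verification logic needs regardless: one signature in the expected place, one assertion, unique IDs, the signed element bound to the consumed element, and a constant-time digest comparison.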