181 matches found
Debian dla-3949 : ruby-saml - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3949 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3949-1 [email protected] https://www.debian.org/lts/security/...
VulnCheck KEV: CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
Exploit for Improper Verification of Cryptographic Signature in Onelogin Ruby-Saml
Ruby-SAML / GitLab Authentication Bypass CVE-2024-45409 expl...
Debian: Security Advisory (DSA-5774-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5774-1] ruby-saml security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5774-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 20, 2024 https://www.debian.org/security/faq -...
DSA-5774-1 ruby-saml - security update
Bulletin has no description...
Debian dsa-5774 : ruby-saml - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5774 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5774-1 [email protected] https://www.debian.org/security/...
SUSE CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
GitLab has released patches to address a critical flaw impacting Community Edition CE and Enterprise Edition EE that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library CVE-2024-45409, CVSS score: 10.0, which could allow an attacker to log in as an...
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0 , see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...
GHSA-CVP8-5R8G-FHVQ omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0 , see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper verification of the signature in the SAML Response, allowing an unauthenticated attacker to forge a SAML Response/Assertion and log in as an arbitrary user...
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0 , see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...
GHSA-JW9C-MFG7-9RX2 SAML authentication bypass via Incorrect XPath selector
Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...
SAML authentication bypass via Incorrect XPath selector
Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...
UBUNTU-CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...