Terraform Enterprise’s Single Sign-On And Ruby SAML’s CVE-2024-45409
Summary Terraform Enterprise’s single sign-on functionality is implemented using the Ruby SAML library, which disclosed an authentication bypass vulnerability exploitable by an XML signature wrapping attack. This vulnerability, CVE-2024-45409, was addressed by an upgrade of the Ruby SAML version...