CVE-2024-45409 CRITICAL

CVE-2024-45409: The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

Vendor Saml-Toolkits
Product ruby-saml
Weakness CWE-347
Published September 10, 2024
Last update November 11, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

Description

The Ruby SAML library implements the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents, allowing the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
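The selector mistake named in the title, illustrated with an added Ruby/REXML sketch that is not ruby-saml's own code: a verifier that picks the assertion's Signature element but then looks up SignedInfo with a document-global XPath gets whichever SignedInfo comes first in the document, while a selector scoped to the chosen Signature element (plus a check that its single Reference points at the assertion ID) does not. The XML is a constructed sample, not a real IdP response.

```ruby
require "rexml/document"

NS = {
  "saml" => "urn:oasis:names:tc:SAML:2.0:assertion",
  "ds"   => "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample (not a real IdP response): the assertion's own Signature is
# second in document order; an unrelated Signature sits earlier in the Response.
SAMPLE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#other"/></ds:SignedInfo>
    </ds:Signature>
    <saml:Assertion ID="_a1">
      <ds:Signature>
        <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      </ds:Signature>
    </saml:Assertion>
  </samlp:Response>
XML

def sample_doc
  REXML::Document.new(SAMPLE)
end

# The Signature element that belongs to the assertion under verification.
def assertion_signature(doc)
  REXML::XPath.first(doc, "//saml:Assertion/ds:Signature", NS)
end

# Flawed pattern: SignedInfo is looked up with a document-global selector, so the
# first SignedInfo in the document is used, not the one inside the Signature
# element that was selected for verification.
def reference_uri_global(doc)
  assertion_signature(doc) # selected, then ignored by the global selector below
  signed_info = REXML::XPath.first(doc, "//ds:SignedInfo", NS)
  REXML::XPath.first(signed_info, "./ds:Reference", NS).attributes["URI"]
end

# Corrected pattern: the selector is relative to the chosen Signature element,
# and its single Reference must point at the assertion being verified.
def reference_uri_scoped(doc)
  sig = assertion_signature(doc)
  signed_info = REXML::XPath.first(sig, "./ds:SignedInfo", NS)
  refs = REXML::XPath.match(signed_info, "./ds:Reference", NS)
  raise "expected exactly one Reference" unless refs.size == 1
  uri = refs.first.attributes["URI"]
  expected = "#" + sig.parent.attributes["ID"]
  raise "Reference does not cover the assertion" unless uri == expected
  uri
end
```

On the sample, the global selector reports the unrelated Reference (`#other`) while the scoped one reports the assertion's own (`#_a1`).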

Key dates

Disclosure timeline

September 10, 2024 CVE published
November 11, 2024 Record updated