CVE-2024-45409
The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
10.0
CRITICAL
CVSS 3.1
EPSS 44.6%
Description
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
How to fix CVE-2024-45409
To remediate CVE-2024-45409, upgrade the affected package to a fixed version below.
- —upgrade to 16.11.10 or later
- —upgrade to 1.11.0-1+deb11u1 or later
- —upgrade to 1.11.0-1+deb11u1 or later
- —upgrade to 1.13.0-1+deb12u1 or later
- —upgrade to 2.1.2 or later
- —upgrade to 1.12.3 or later
Is CVE-2024-45409 being exploited?
Moderate — EPSS is 44.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (6)
- from 0, < 16.11.10, >= 17.0.0, < 17.0.8, >= 17.1.0, < 17.1.8, >= 17.2.0, < 17.2.7, >= 17.3.0, < 17.3.3
- from 0, < 1.11.0-1+deb11u1
- from 0, < 1.11.0-1+deb11u1
- from 0, < 1.13.0-1+deb12u1
- >= 2.0.0, < 2.1.2
- from 0, < 1.12.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N |
| osv | CVSS 3.1 | CRITICAL10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |