[imspero1618]

very nicely done sir

[lolololololololo265l]

The flaw, tracked as CVE-2024-45409, arises from an issue in the OmniAuth-SAML and Ruby-SAML libraries, which GitLab uses to handle SAML-based authentication.

The vulnerability occurs when the SAML response sent by an identity provider (IdP) to GitLab contains a misconfiguration or is manipulated.

Specifically, the flaw involves insufficient validation of key elements in the SAML assertions, such as the extern_uid (external user ID), which is used to uniquely identify a user across different systems.

An attacker can craft a malicious SAML response that tricks GitLab into recognizing them as authenticated users, bypassing SAML authentication and gaining access to the GitLab instance.

The CVE-2024-45409 flaw impacts GitLab 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10, and all prior releases of those branches.

I'll search dorks and it's done! thank you

[1littlecub]

thank you. i hope it works fine

[ZasieuN]

gonna test my office gitlab

[azamii]

thanks using this now ))

[nimz]

Thanks for your contribution

[kikbusnixe]

Pretty explained. Thanks!

[darksnow54]

Thanks for the info and the explanation will help in future

[Angst]

Thanks for sharing!

[Alcxtraze]

of course brother

---

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Attempted Scamming Thread-DATABASE-Database-Empik-com-Poland-11-825-92 | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.