
CVE-2024-45409

The Ruby SAML library is vulnerable to a SAML authentication bypass via an incorrect XPath selector

Severity Score: 10.0 (CVSS v3.1)

Exploit Likelihood (EPSS): no value recorded

Affected Versions (CPE): see the table below

Public Exploits: 2 (multiple sources)

Exploited in Wild (KEV): -

Decision (SSVC): Attend
Descriptions

The Ruby SAML library implements the client (Service Provider) side of SAML authentication. Ruby-SAML <= 1.12.2 and 1.13.0 through 1.16.0 do not properly verify the signature of the SAML Response: the XPath selectors used to locate the Signature element and the element it references are not anchored to the node being validated, so the node whose digest and signature are checked need not be the node the application goes on to consume. An unauthenticated attacker who holds any SAML document signed by the IdP (for example, a legitimate assertion issued for the attacker's own account) can therefore forge a SAML Response/Assertion with arbitrary contents and log in as any user of the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an arbitrary user. This issue only affected Ubuntu 16.04 LTS.

It was discovered that Ruby SAML incorrectly used the results of XML DOM traversal and canonicalization APIs. An unauthenticated attacker could use this vulnerability to log in as an arbitrary user. This issue only affected Ubuntu 16.04 LTS.
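The selector mistake the description refers to, and the check that closes it, as an added example (this is not code from ruby-saml, from the fix, or from this page). It models the pattern in plain REXML: a verifier that locates the Signature with a document-wide `//` selector and resolves the Reference with a document-wide ID lookup, next to a hardened verifier that starts from the node the Service Provider will actually consume. Assumptions, all constructed for the example: the sample Response with a genuinely signed assertion for `attacker@example.com` placed in `samlp:Extensions` as a decoy and an unsigned assertion for `admin@example.com` reusing its ID; the `digest_of` stand-in, which models only the enveloped-signature transform and whitespace normalisation rather than real C14N, and a placeholder `SignatureValue`, since the point is node selection, not RSA.

```ruby
require 'rexml/document'
require 'rexml/xpath'
require 'digest'

# Namespaces used by SAML 2.0 protocol/assertion messages and XML-DSig.
NS = {
  'samlp' => 'urn:oasis:names:tc:SAML:2.0:protocol',
  'saml'  => 'urn:oasis:names:tc:SAML:2.0:assertion',
  'ds'    => 'http://www.w3.org/2000/09/xmldsig#'
}.freeze

# Stand-in for the XML-DSig digest step (assumption: a real verifier applies the
# enveloped-signature transform, exclusive C14N and the DigestMethod; here only the
# transform is modelled and inter-element whitespace is normalised).
def digest_of(element)
  copy = element.deep_clone
  copy.elements.to_a.each { |c| c.remove if c.name == 'Signature' && c.namespace == NS['ds'] }
  Digest::SHA256.base64digest(copy.to_s.gsub(/>\s+</, '><'))
end

# Constructed sample: an assertion the IdP really issued to the attacker's own account.
GENUINE_ASSERTION = <<~XML.strip
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1b2c3">
    <saml:Subject><saml:NameID>attacker@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
XML

# Enveloped signature over GENUINE_ASSERTION; SignatureValue is a placeholder.
def signed_genuine_assertion
  digest = digest_of(REXML::Document.new(GENUINE_ASSERTION).root)
  signature = <<~XML.strip
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:Reference URI="#_a1b2c3"><ds:DigestValue>#{digest}</ds:DigestValue></ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  XML
  GENUINE_ASSERTION.sub('</saml:Assertion>', "#{signature}</saml:Assertion>")
end

def response_with(body)
  REXML::Document.new(<<~XML)
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">
      #{body}
    </samlp:Response>
  XML
end

# Legitimate response: the signed assertion is the one the SP reads.
def legitimate_response
  response_with(signed_genuine_assertion)
end

# Forged response (constructed): the signed assertion is hidden as a decoy in
# <samlp:Extensions>, and an unsigned assertion for admin@example.com that reuses
# its ID sits where the SP reads assertions.
def forged_response
  response_with(<<~XML)
    <samlp:Extensions>#{signed_genuine_assertion}</samlp:Extensions>
    <saml:Assertion ID="_a1b2c3">
      <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
    </saml:Assertion>
  XML
end

# What the SP goes on to trust: the Assertion that is a direct child of the Response.
def consumed_assertion(doc)
  REXML::XPath.first(doc, '/samlp:Response/saml:Assertion', NS)
end

def name_id(assertion)
  REXML::XPath.first(assertion, './saml:Subject/saml:NameID/text()', NS).value
end

# Vulnerable pattern: document-wide '//' selectors. The first Signature anywhere in
# the document is used and its Reference is resolved with a document-wide ID lookup,
# so the node whose digest is checked can differ from the node consumed.
def verify_vulnerable(doc)
  sig = REXML::XPath.first(doc, '//ds:Signature', NS)
  return :no_signature unless sig
  id = REXML::XPath.first(sig, '//ds:Reference/@URI', NS).value.delete_prefix('#')
  return :bad_reference unless id.match?(/\A[\w.-]+\z/)
  signed = REXML::XPath.first(doc, "//*[@ID='#{id}']")
  digest = REXML::XPath.first(sig, '//ds:DigestValue/text()', NS).value
  digest == digest_of(signed) ? :verified : :bad_digest
end

# Hardened pattern: start from the node the SP will consume, accept only a signature
# enveloped in it (or in the Response), resolve the Reference relative to that
# Signature, reject duplicate IDs, and require the referenced element to be the
# Signature's own parent.
def verify_hardened(doc)
  assertion = consumed_assertion(doc)
  return :no_assertion unless assertion
  sig = REXML::XPath.first(assertion, './ds:Signature', NS) ||
        REXML::XPath.first(doc, '/samlp:Response/ds:Signature', NS)
  return :unsigned_consumed_node unless sig
  id = REXML::XPath.first(sig, './ds:SignedInfo/ds:Reference/@URI', NS).value.delete_prefix('#')
  return :bad_reference unless id.match?(/\A[\w.-]+\z/)
  matches = REXML::XPath.match(doc, "//*[@ID='#{id}']")
  return :duplicate_id unless matches.length == 1
  return :reference_mismatch unless matches.first.equal?(sig.parent)
  digest = REXML::XPath.first(sig, './ds:SignedInfo/ds:Reference/ds:DigestValue/text()', NS).value
  digest == digest_of(sig.parent) ? :verified : :bad_digest
end

if __FILE__ == $PROGRAM_NAME
  forged = forged_response
  puts "vulnerable: #{verify_vulnerable(forged)} -> logs in #{name_id(consumed_assertion(forged))}"
  puts "hardened:   #{verify_hardened(forged)}"
  puts "hardened on legitimate response: #{verify_hardened(legitimate_response)}"
end
```

Against the forged document the vulnerable verifier reports `:verified` because the digest it checks belongs to the decoy, while the assertion the SP consumes is the unsigned one naming `admin@example.com`; the hardened verifier stops at `:unsigned_consumed_node` and still accepts the legitimate response. The two properties worth carrying into any SAML verifier are that the verified node and the consumed node are the same object, and that an ID referenced by a signature resolves to exactly one element.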

*Credits: N/A
CVSS Scores

CVSS v3.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N (base score 10.0, the score shown above)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: None

CVSS v3.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C (base score 10.0)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: PoC
  • Automatable: Yes
  • Technical Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2024-08-28 CVE Reserved
  • 2024-09-10 CVE Published
  • 2024-10-07 First Exploit
  • 2024-11-11 CVE Updated
  • 2025-02-21 EPSS Updated
  • Exploited in Wild: no date recorded (not listed in KEV)
  • KEV Due Date: none
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
Affected Vendors, Products, and Versions

Vendor          Product   Version               Status
SAML-Toolkits   Ru        < 1.12.3              Affected
SAML-Toolkits   Ru        >= 1.13.0, < 1.17.0   Affected