How to detect the Ruby-SAML vulnerability (CVE-2024-45409)

vsociety
Oct 9, 2024


CVE-2024-45409: 9.8, Critical severity

python3 CVE-2024-45409-xdetection.py

Description

The Vulnerability: CVE-2024–45409

CVE-2024-45409 is a critical vulnerability in Ruby-SAML, the library many Ruby applications use for the service-provider side of SAML authentication. Affected versions do not properly verify the XML signature on a SAML Response: an incorrect XPath selector meant that the element whose signature was checked did not have to be the element whose contents were then trusted. As a result, an unauthenticated attacker who holds any SAML document signed by the identity provider can forge a SAML Response/Assertion with arbitrary contents, such as another user's identity. Affected versions are 1.12.2 and earlier and 1.13.0 through 1.16.0 (the upstream advisory's "<= 12.2" is a typo for 1.12.2); the fix is in 1.12.3 and 1.17.0. Against a service provider such as GitLab, exploitation lets an attacker log in as any user and reach sensitive parts of the system, including private projects and data.

How the Script Works

The script helps automate two main tasks:

1. Detection:

- The script runs gem list to check whether the Ruby-SAML gem is installed and which version(s) are present.

- It then compares each installed version with the affected ranges (1.12.2 and earlier, and 1.13.0 through 1.16.0).

- Because gem list only reports the gems installed in the current Ruby environment, an application that pins Ruby-SAML through Bundler should also have its Gemfile.lock checked: that file records the version the application actually loads, which may differ from what gem list shows.

2. Remediation:

- If a vulnerable version is detected, the script attempts to upgrade the library to a fixed release with gem install ruby-saml -v 1.17.0. Applications that must stay on the 1.12.x line can instead take the backported fix, 1.12.3.

- If the automatic upgrade fails or times out, the script advises the user to upgrade manually.

- Note that gem install only adds the new version to the local gem set. A Bundler-managed application keeps loading the version pinned in its Gemfile.lock until the Gemfile constraint allows the fixed release, the lock is regenerated (for example with bundle update ruby-saml), and the application is restarted.

How to Use the Script

1. Prerequisites:

- Python 3 must be installed.

- Ruby and the gem package manager must also be installed. Run the script from the same Ruby environment (for example the same rbenv, rvm or system Ruby) that the application uses, since gem list reports only the gems visible in that environment.

2. Running the Script:

Simply download or copy the script to your machine and run it using Python 3:

python3 detect.py

The script will automatically check your system’s Ruby-SAML version and, if necessary, attempt to upgrade it.

3. Manual Steps:

If the script reports that the upgrade failed, update the library manually by running:

gem install ruby-saml -v 1.17.0

Then restart the application so that it loads the new version, and confirm the installed version with gem list ruby-saml.

Final Thoughts

This script provides a simple way to check a system for the critical CVE-2024-45409 vulnerability and to apply the fix. By automating detection and the update, it shortens the window in which unpatched software is exposed. Keeping libraries up to date is essential, especially for commonly targeted authentication mechanisms like SAML.

If you’re managing critical infrastructure or sensitive data, take this as a reminder to always follow best practices for system updates and monitoring. This script is just one step toward maintaining a secure environment.

References:

- CVE-2024-45409, NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-45409

- GitLab security release for CVE-2024-45409: https://about.gitlab.com/releases/2024/09/17/gitlab-security-release-cve-2024-45409

- The Hacker News coverage: https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html

Written by vsociety

vsociety is a community centered around vulnerability research