CVE-2024-45409: 9.8 Critical Severity
python3 CVE-2024–45409-xdetection.py
Description
The Vulnerability: CVE-2024-45409
CVE-2024-45409 is a critical vulnerability in Ruby-SAML, the Ruby library that many applications (GitLab among them) use to consume SAML assertions from an identity provider. The library did not properly verify the XML signature on a SAML Response: an unauthenticated attacker who can obtain any document signed by the IdP (for example a SAML response issued for their own low-privileged account) can forge a SAML Response/Assertion with arbitrary contents and log in as any user. In an application such as GitLab that means full control over sensitive parts of the system, including private projects and their data. The affected versions are Ruby-SAML <= 1.12.2 and 1.13.0 through 1.16.0; the fixed releases are 1.12.3 and 1.17.0. (The NVD text writes the lower range as "<= 12.2", but the affected series is 1.12.x.)
How the Script Works
The script automates two tasks:
1. Detection:
- It runs gem list, looks for the Ruby-SAML entry, and reads the installed version(s). Note that gem list can report several installed versions of one gem on a single line, and each of them needs to be checked.
- It compares each installed version with the vulnerable ranges (<= 1.12.2 and 1.13.0 to 1.16.0).
2. Remediation:
- If a vulnerable version is detected, the script attempts to upgrade the library to a fixed version (1.17.0) using gem install ruby-saml -v 1.17.0.
- If the automatic upgrade fails or times out, the script advises the user to perform a manual upgrade.
Two caveats a practitioner should keep in mind. First, gem list only sees the gems visible to the gem binary on your PATH; an application that pins Ruby-SAML through Bundler (GitLab does) loads the version recorded in its Gemfile.lock, so that file is the authoritative answer for that application, and a packaged product should receive the vendor's patched release rather than a gem installed beside it. Second, a running Ruby process keeps the old library in memory, so the application must be restarted after the upgrade for the fix to take effect.
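As an added example (this is not the script the page describes and not code from the ruby-saml project), the detection half of the procedure above in Python. It parses the output of gem list and, going a step beyond what the page's script does, a Bundler Gemfile.lock, compares every version found against the affected ranges from the ruby-saml advisory, and picks the smallest fixed release for that series (1.12.3 for 1.12.x, otherwise 1.17.0). The gem list output and the Gemfile.lock fragment embedded below are constructed samples; the live check at the bottom simply runs whatever gem binary is on PATH.

```python
"""Detection helper for CVE-2024-45409 in the ruby-saml gem (added example)."""
import re
import subprocess
from typing import List, Optional, Tuple

GEM_NAME = "ruby-saml"

# Fixed releases per GHSA-jw9c-mfg7-9rx2: 1.12.3 (for the 1.12 series) and 1.17.0.
# Versions are normalised to (major, minor, patch, release_flag); see parse_version.
FIX_1_12 = (1, 12, 3, 0)
FIRST_1_13 = (1, 13, 0, 0)
FIX_1_17 = (1, 17, 0, 0)

# Constructed sample of `gem list` output with two installed ruby-saml versions.
SAMPLE_GEM_LIST = """\
*** LOCAL GEMS ***

rake (13.2.1)
ruby-saml (1.16.0, 1.12.2)
rexml (3.3.7)
"""

# Constructed Gemfile.lock fragment for a Bundler-managed application.
SAMPLE_GEMFILE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    nokogiri (1.16.7)
    rexml (3.3.7)
    ruby-saml (1.17.0)
      nokogiri (>= 1.13.10)
      rexml
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a RubyGems version string into a comparable tuple.

    Numeric segments are kept and padded to three; a trailing pre-release
    segment ('1.17.0.rc1') sets the last element to -1 so the pre-release sorts
    below the final release and is treated as unfixed, the conservative answer.
    """
    numeric: List[int] = []
    prerelease = False
    for segment in text.strip().split("."):
        if segment.isdigit():
            numeric.append(int(segment))
        else:
            prerelease = True  # e.g. 'rc1', 'pre', 'beta'
            break
    while len(numeric) < 3:
        numeric.append(0)
    return tuple(numeric + [-1 if prerelease else 0])


def is_vulnerable(version: str) -> bool:
    """True if the version is in an affected range: below 1.12.3, or 1.13.0 up to (not including) 1.17.0."""
    v = parse_version(version)
    return v < FIX_1_12 or FIRST_1_13 <= v < FIX_1_17


def fixed_target(version: str) -> str:
    """Smallest fixed release for the series the installed version belongs to."""
    return "1.12.3" if parse_version(version) < FIRST_1_13 else "1.17.0"


def parse_gem_list(output: str, gem: str = GEM_NAME) -> List[str]:
    """Extract installed versions of `gem` from `gem list` output ('name (1.16.0, 1.12.2)')."""
    pattern = re.compile(r"^" + re.escape(gem) + r" \(([^)]*)\)", re.MULTILINE)
    match = pattern.search(output)
    if not match:
        return []
    # Default gems are printed as 'name (default: 1.2.3)'; drop that prefix.
    return [v.replace("default: ", "").strip() for v in match.group(1).split(",")]


def parse_gemfile_lock(lock_text: str, gem: str = GEM_NAME) -> List[str]:
    """Extract the resolved version(s) of `gem` from a Gemfile.lock specs block.
    Dependency constraints like '(>= 1.13.10)' do not start with a digit and are skipped."""
    pattern = re.compile(r"^\s+" + re.escape(gem) + r" \((\d[^)]*)\)$", re.MULTILINE)
    return pattern.findall(lock_text)


def audit(versions: List[str]) -> List[Tuple[str, bool, Optional[str]]]:
    """Return (version, vulnerable?, fixed target or None) for each version found."""
    return [(v, is_vulnerable(v), fixed_target(v) if is_vulnerable(v) else None)
            for v in versions]


def installed_versions(timeout: int = 30) -> List[str]:
    """Live check: ask the `gem` binary on PATH which ruby-saml versions it has."""
    result = subprocess.run(["gem", "list", GEM_NAME], capture_output=True,
                            text=True, timeout=timeout, check=False)
    return parse_gem_list(result.stdout)


if __name__ == "__main__":
    try:
        live = installed_versions()
    except (FileNotFoundError, subprocess.TimeoutExpired) as exc:
        print(f"could not run gem list: {exc}")
        live = []
    findings = [("gem list (live)", audit(live)),
                ("constructed gem list", audit(parse_gem_list(SAMPLE_GEM_LIST))),
                ("constructed Gemfile.lock", audit(parse_gemfile_lock(SAMPLE_GEMFILE_LOCK)))]
    for source, rows in findings:
        if not rows:
            print(f"{source}: {GEM_NAME} not found")
        for version, vulnerable, target in rows:
            status = f"VULNERABLE (CVE-2024-45409), upgrade to {target}" if vulnerable else "not affected"
            print(f"{source}: {GEM_NAME} {version}: {status}")
```

Run it as the same user whose Ruby installation you want to audit; a different user's PATH can point at a different gem set. For a Bundler application, point parse_gemfile_lock at the real Gemfile.lock instead of the constructed fragment, since that, not gem list, is the version the application actually loads.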
How to Use the Script
1. Prerequisites:
- Python 3 installed.
- Ruby and the gem package manager installed, with the gem binary on the PATH of the user running the script. Run it as the user that owns the Ruby installation you want to check; another user's PATH may point at a different set of gems.
2. Running the Script:
Download or copy the script to your machine and run it with Python 3:
python3 detect.py
The script checks the installed Ruby-SAML version(s) and, if necessary, attempts the upgrade.
3. Manual Steps:
If the script reports that the upgrade failed, update the library yourself:
gem install ruby-saml -v 1.17.0
If you need to stay on the 1.12 series, 1.12.3 also contains the fix. In either case, restart any application that loads the gem afterwards.
Final Thoughts
This script gives you a quick way to find, and in the simple case fix, a vulnerable Ruby-SAML installation before CVE-2024-45409 is exploited against it. It does not replace the application-level patch: when Ruby-SAML is bundled inside a product such as GitLab, the vendor's fixed release is the one that matters, and any upgrade only takes effect once the application is restarted. Keeping authentication libraries current is essential, because SAML handling is a frequent target and a forged assertion here is a full account takeover rather than a partial breach.
If you manage critical infrastructure or sensitive data, treat this as a reminder to follow a regular update and monitoring routine. This script is one step toward that.
References:
- NVD entry for CVE-2024-45409: https://nvd.nist.gov/vuln/detail/CVE-2024-45409
- GitLab security release for CVE-2024-45409: https://about.gitlab.com/releases/2024/09/17/gitlab-security-release-cve-2024-45409
- Ruby-SAML advisory GHSA-jw9c-mfg7-9rx2: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
- The Hacker News coverage: https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html