A critical vulnerability, CVE-2024-45409, affecting the Ruby-SAML library, allows attackers to forge SAML responses and bypass authentication. The vulnerability stems from an incorrect XPath selector that prevents proper verification of the SAML response signature. This flaw impacts Ruby-SAML versions up to 1.12.2 and between 1.13.0 and 1.16.0. Attackers can exploit the vulnerability by crafting a SAML Response or Assertion that bypasses authentication and potentially gain unauthorized access to sensitive data and critical systems. GitLab was impacted by the vulnerability, and the company issued an important security update to address it.
A critical vulnerability, identified as CVE-2024-9164, has been patched in GitLab EE versions. This flaw enables remote attackers to execute pipelines on arbitrary branches within a repository, potentially leading to code execution. The vulnerability arises from a lack of proper authorization checks during pipeline execution. Organizations using GitLab EE are strongly advised to update to the latest patched versions to mitigate this risk.
The Lazarus Group, a North Korean-linked APT group, is targeting software developers through a new campaign involving malicious Python packages disguised as coding tests distributed through fake job recruitment schemes. The group, known for its destructive cyber operations, is impersonating recruiters from financial services firms. Victims are tricked into downloading malicious packages disguised as legitimate tools, aiming to download payloads and steal sensitive information. The Lazarus Group has a long history of launching attacks on software developers and organizations. Increased vigilance is required from software developers and the companies hiring them to recognize and mitigate this evolving threat. Security teams should closely monitor their systems for any suspicious activity, particularly related to Python packages received through recruiters and fake job posts.
GitLab has addressed multiple vulnerabilities in versions 17.3.2, 17.2.5, and 17.1.7, with the most critical one (CVE-2024-6678) allowing an attacker to trigger pipelines as an arbitrary user under specific conditions. This could lead to unauthorized actions within the GitLab environment, potentially impacting sensitive data and operations. Further vulnerabilities include incomplete input filtering that enabled code injection into the Cube server, improper access control that allowed access to internal resources, and denial-of-service possibilities through manipulated parameters.
GitLab has released a critical security update addressing several vulnerabilities in its platform. These include CVE-2024-6678, CVE-2024-8640, CVE-2024-8635, and CVE-2024-8124, which are considered critical and require immediate action. Users are strongly urged to upgrade to the latest patched versions as soon as possible to prevent exploitation. The vulnerabilities could potentially lead to unauthorized access, data breaches, and other malicious activities. The update is available for versions 17.3.2, 17.2.5, and 17.1.7, and all users are encouraged to implement the patch at their earliest convenience.