rubysec · postmodern · Sep 13, 2024 · Sep 11, 2024
diff --git a/gems/omniauth-saml/CVE-2024-45409.yml b/gems/omniauth-saml/CVE-2024-45409.yml
@@ -0,0 +1,15 @@
+---
+gem: omniauth-saml
+cve: 2024-45409
+ghsa: jw9c-mfg7-9rx2
+url: https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
+title: SAML authentication bypass via Incorrect XPath selector
+date: 2024-08-28
+description: |
+  Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response.
+  An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML
+  Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within
+  the vulnerable system.
+cvss_v3: 10.0
+patched_versions:
+  - ">= 2.2.0"
diff --git a/gems/ruby-saml/CVE-2024-45409.yml b/gems/ruby-saml/CVE-2024-45409.yml
@@ -0,0 +1,16 @@
+---
+gem: ruby-saml
+cve: 2024-45409
+ghsa: jw9c-mfg7-9rx2
+url: https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
+title: SAML authentication bypass via Incorrect XPath selector
+date: 2024-08-28
+description: |
+  Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response.
+  An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML
+  Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within
+  the vulnerable system.
+cvss_v3: 10.0
+patched_versions:
+  - "~> 1.12.3"
+  - ">= 1.17.0"