GitLab Fixes Security Vulnerabilities That Could Bypass Authentication


GitLab has patched nine vulnerabilities in new security updates.

GitLab has released two security updates for the Community Edition (CE) and Enterprise Edition (EE). These updates have resolved nine vulnerabilities. Two of them were critical flaws in the ruby-saml library used for SAML Single Sign-On. SAML is an open standard used to share authentication data between different parties.

Critical Vulnerabilities in SAML Authentication

Because of the flaws in the ruby-saml library, an attacker could impersonate another user within a SAML Identity Provider (IdP) environment. This can lead to unauthorized access and potential data breaches.

GitHub emphasizes that its platform is not affected, as it has not used ruby-saml since 2014. The vulnerability was present in other software, such as GitLab. These vulnerabilities have now been resolved in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, the web version, and GitLab Dedicated. Users with their own installations need to perform the update manually.
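Administrators of self-managed instances need to know whether their installed release is already at or above the patched version for its minor series. The following Ruby snippet is an added example, not code from the article or from GitLab; it compares a version string such as the one printed by `gitlab-rake gitlab:env:info` (assumed to look like `17.8.4-ee`) against the three patched releases named above and reports whether that installation still needs the update. Minor series the article does not mention (older than 17.7 or newer than 17.9) are reported as `:unknown` rather than guessed at.

```ruby
# Added example (not from the article or from GitLab): check a self-managed
# GitLab version against the patched releases named in the article.
# Patched versions per minor series, as stated in the article.
PATCHED = {
  [17, 7] => [17, 7, 7],
  [17, 8] => [17, 8, 5],
  [17, 9] => [17, 9, 2],
}.freeze

# Parse "MAJOR.MINOR.PATCH" into three integers. An edition suffix such as
# "-ee" or "-ce" (as printed by `gitlab-rake gitlab:env:info`, assumed format)
# is stripped first. Anything else is rejected rather than silently misread.
def parse_version(str)
  core = str.strip.sub(/-(ee|ce)\z/, '')
  parts = core.split('.')
  raise ArgumentError, "expected MAJOR.MINOR.PATCH, got #{str.inspect}" unless parts.size == 3
  parts.map { |p| Integer(p, 10) }
end

# Returns :patched, :vulnerable, or :unknown.
# :unknown means the minor series is not one of the three the article lists
# as having received a fix, so no conclusion can be drawn from this table alone.
def patch_status(version_str)
  v = parse_version(version_str)
  fixed = PATCHED[v[0, 2]]
  return :unknown if fixed.nil?
  # Array <=> compares element-wise, so [17, 8, 4] <=> [17, 8, 5] is -1.
  (v <=> fixed) >= 0 ? :patched : :vulnerable
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs for a stand-alone run.
  %w[17.8.4-ee 17.8.5-ee 17.9.3 17.6.9].each do |ver|
    puts "#{ver}: #{patch_status(ver)}"
  end
end
```

For a version that comes back `:vulnerable`, the corresponding patched release in the same minor series is the smallest upgrade that closes the two ruby-saml flaws; `:unknown` results should be treated as a prompt to consult GitLab's release notes for that series rather than as a clean bill of health.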

“We strongly recommend upgrading all installations with a version affected by the issues described below to the latest version as soon as possible,” GitLab emphasizes in a blog post.
