10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-45409

GHSA ID

GHSA-jw9c-mfg7-9rx2

EPSS Score

0.94209%

CWE

CWE-347

Published

9/10/2024

Updated

9/16/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-45409

CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.

This vulnerability was reported by ahacker1 of SecureSAML (ahacker1@securesaml.com)

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-45409

CVE-2024-45409:

10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2024-45409

GHSA ID

GHSA-jw9c-mfg7-9rx2

EPSS Score

0.94209%

CWE

CWE-347

Published

9/10/2024

Updated

9/16/2024

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ruby-saml	rubygems	< 1.12.3	1.12.3
ruby-saml	rubygems	>= 1.13.0, < 1.17.0	1.17.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper XPath selectors in signature validation logic. The commit diff shows critical changes in xml_security.rb's validate_signature method:

Changed XPath from '//ds:Reference' to './ds:Reference' to scope selection
Added check for duplicate IDs (reference_nodes.length > 1)
Modified CanonicalizationMethod/DigestMethod XPaths to use relative paths These changes directly address the signature bypass by preventing attackers from injecting malicious elements with duplicate IDs through absolute XPath traversal, which aligns with CWE-347 (signature verification flaw) described in the advisory.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

10

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector

CVE-2024-45409:

10

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

10

10

CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI