The Hacker News14 天
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
(CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.
Bleeping Computer14 天
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.
heise online14 天
Security vulnerabilities: Gitlab developers advise rapid update
However, systems are only vulnerable if authentication via SAML SSO is active and attackers have already taken over a user account. The errors can be found in the ruby-saml library that Gitlab ...
Bleeping Computer14 天
Latest Authentication Bypass news
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws.