Commit 233c6ae

Adrian-Hirt authored and postmodern committed
GHSA SYNC[ruby-saml]: 3 new advisories: CVE 2025-25291, CVE 2025-25292 and CVE 2025-25293
1 parent 71f6716 commit 233c6ae

3 files changed, +97 -0 lines changed

gems/ruby-saml/CVE-2025-25291.yml

+32
@@ -0,0 +1,32 @@
1+
---
2+
gem: ruby-saml
3+
cve: 2025-25291
4+
ghsa: 4vc4-m8qh-g8jm
5+
url: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
6+
title: Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
7+
date: 2025-03-12
8+
description: |-
9+
### Summary
10+
An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
11+
ReXML and Nokogiri parse XML differently, the parsers can generate entirely
12+
different document structures from the same XML input. That allows an attacker
13+
to be able to execute a Signature Wrapping attack.
14+
15+
### Impact
16+
This issue may lead to authentication bypass.
17+
cvss_v4: 8.8
18+
patched_versions:
19+
- "~> 1.12.4"
20+
- ">= 1.18.0"
21+
related:
22+
url:
23+
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
24+
- https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
25+
- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
26+
- https://nvd.nist.gov/vuln/detail/CVE-2025-25291
27+
- https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
28+
- https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
29+
- https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
30+
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
31+
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
32+
- https://github.com/advisories/GHSA-4vc4-m8qh-g8jm
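
Review bot: the `### Summary` text in `description` never mentions DOCTYPE handling, which appears only in `title`, and the same wording is used in CVE-2025-25292.yml, so a consumer that shows only the description cannot tell the two advisories apart. Add one sentence naming the DOCTYPE-handling differential. The library is also spelled "ReXML" here; its name is REXML.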

gems/ruby-saml/CVE-2025-25292.yml

+32
@@ -0,0 +1,32 @@
1+
---
2+
gem: ruby-saml
3+
cve: 2025-25292
4+
ghsa: 754f-8gm6-c4r2
5+
url: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
6+
title: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
7+
date: 2025-03-12
8+
description: |-
9+
### Summary
10+
An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
11+
ReXML and Nokogiri parse XML differently, the parsers can generate entirely
12+
different document structures from the same XML input. That allows an
13+
attacker to be able to execute a Signature Wrapping attack.
14+
15+
### Impact
16+
This issue may lead to authentication bypass.
17+
cvss_v4: 8.8
18+
patched_versions:
19+
- "~> 1.12.4"
20+
- ">= 1.18.0"
21+
related:
22+
url:
23+
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
24+
- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
25+
- https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
26+
- https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
27+
- https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
28+
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
29+
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
30+
- https://nvd.nist.gov/vuln/detail/CVE-2025-25292
31+
- https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
32+
- https://github.com/advisories/GHSA-754f-8gm6-c4r2
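
Review bot: under `related.url`, the first entry repeats the top-level `url:` value (the GHSA-754f-8gm6-c4r2 advisory) verbatim, and the list is ordered differently from the one in CVE-2025-25291.yml even though most of the links are shared. Drop the duplicate and keep one ordering across the three files so later syncs diff cleanly. As in that file, the namespace-handling cause is stated only in `title` and not in the `### Summary` text.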

gems/ruby-saml/CVE-2025-25293.yml

+33
@@ -0,0 +1,33 @@
1+
---
2+
gem: ruby-saml
3+
cve: 2025-25293
4+
ghsa: 92rq-c8cf-prrq
5+
url: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
6+
title: Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
7+
date: 2025-03-12
8+
description: |-
9+
### Summary
10+
ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses.
11+
12+
Ruby-saml uses zlib to decompress SAML responses in case they're compressed.
13+
It is possible to bypass the message size check with a compressed assertion
14+
since the message size is checked before inflation and not after.
15+
16+
### Impact
17+
This issue may lead to remote Denial of Service (DoS).
18+
cvss_v4: 8.8
19+
patched_versions:
20+
- "~> 1.12.4"
21+
- ">= 1.18.0"
22+
related:
23+
url:
24+
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
25+
- https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
26+
- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
27+
- https://nvd.nist.gov/vuln/detail/CVE-2025-25293
28+
- https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1
29+
- https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
30+
- https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
31+
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
32+
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
33+
- https://github.com/advisories/GHSA-92rq-c8cf-prrq
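
Review bot: `cvss_v4: 8.8` is the same score the two authentication-bypass advisories in this commit carry, while `### Impact` here is Denial of Service only; please confirm the value against GHSA-92rq-c8cf-prrq rather than carrying it over. In the Summary, "Ruby-saml" is capitalised differently from "ruby-saml" two lines earlier.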
