SAML roulette: the hacker always wins
Summary
Researchers have discovered a new attack method called "SAML roulette" that can grant unauthenticated administrative access to GitLab Enterprise. The attack chains round-trip attacks with namespace confusion to exploit a flaw in the ruby-saml library.
IFF Assessment
This vulnerability allows attackers to gain unauthorized administrative access, which is a significant threat to organizations.
Severity
The attack yields unauthenticated administrative access, which is a critical impact; it can likely be executed remotely and with low complexity, which points to a high CVSS score.
Defender Context
This research highlights a critical vulnerability in SAML-based authentication (here, in the ruby-saml library), a common method for single sign-on. Defenders should ensure their GitLab instances are updated and review their SAML configurations for weaknesses that similar techniques could exploit.