GitLab patches critical authentication bypass vulnerabilities

Summary: GitLab has released critical security updates addressing nine vulnerabilities in its Community and Enterprise Editions, the most severe being two authentication bypass flaws in ruby-saml, the library GitLab uses for SAML single sign-on. In a SAML-enabled instance, an attacker who holds a single valid SAML document signed by the identity provider (for example, an ordinary authenticated user of that IdP) can craft a SAML response that authenticates them as a different user, leading to account takeover. Users are urged to upgrade to the patched versions (17.7.7, 17.8.5, or 17.9.2) immediately; for those who cannot upgrade right away, GitLab suggests temporary mitigations that reduce the impact but do not remove the underlying flaw.

Affected: GitLab Community Edition (CE) and Enterprise Edition (EE)

Key points:

  • GitLab patched two critical authentication bypass vulnerabilities in the ruby-saml library; both allow an attacker holding one IdP-signed SAML document to impersonate another user of the same instance.
  • Self-managed installations must upgrade to 17.7.7, 17.8.5, or 17.9.2; all earlier releases in those lines, and every older release, are affected.
  • Until an upgrade is possible, GitLab recommends enforcing 2FA for all user accounts, disabling the SAML two-factor bypass option, and requiring admin approval for automatically created users; these limit what an impersonated login can do, but only upgrading fixes the bug.
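
The following is an added example, not GitLab's own code or part of the original article: a small Ruby check an administrator can run against the advisory above. It decides whether a running GitLab version falls before the fixed releases named here (17.7.7, 17.8.5, 17.9.2) and whether a gitlab.rb-style configuration has the interim mitigations applied. The `omniauth_block_auto_created_users` and `omniauth_allow_bypass_two_factor` keys are GitLab's documented Omnibus settings for auto-created users and SAML 2FA bypass; the sample configurations are constructed for illustration, and whether 2FA is enforced for all users is an application setting in the Admin area, so it is passed in as a flag rather than read from gitlab.rb.

```ruby
# Added example (not GitLab's own code): version and mitigation check for the
# ruby-saml authentication bypass advisory.

# Patched releases named in the advisory, one per affected minor line.
FIXED_VERSIONS = %w[17.7.7 17.8.5 17.9.2].freeze

# "17.8.3-ee" -> [17, 8, 3]; the edition suffix is irrelevant to the check.
def parse_version(str)
  str.to_s.split('-').first.split('.').map(&:to_i)
end

# :patched    -> same minor line at or above its fixed release, or a newer line
# :vulnerable -> below the fixed release, or an older line with no fixed release
# :unknown    -> not a MAJOR.MINOR.PATCH string
def patch_status(running)
  v = parse_version(running)
  return :unknown if v.length < 3

  fixed = FIXED_VERSIONS.map { |f| parse_version(f) }
  same_line = fixed.find { |f| f[0, 2] == v[0, 2] }

  if same_line
    (v <=> same_line) >= 0 ? :patched : :vulnerable
  elsif (v <=> fixed.max) > 0
    :patched      # a later minor line than the advisory covers ships the fix
  else
    :vulnerable   # e.g. 17.6.x or 16.x: no fixed release exists for the line
  end
end

# gitlab_rails: a Hash mirroring the gitlab_rails[...] keys of gitlab.rb.
# two_factor_enforced: the Admin-area "Enforce two-factor authentication" setting.
# Returns the list of advisory mitigations that are NOT in place.
def mitigations_missing(gitlab_rails, two_factor_enforced:)
  missing = []
  missing << 'enforce 2FA for all user accounts' unless two_factor_enforced

  # The bypass setting may be true (all providers) or a list of provider names.
  bypass = gitlab_rails['omniauth_allow_bypass_two_factor']
  bypass_on = bypass == true ||
              (bypass.is_a?(Array) && bypass.map(&:to_s).include?('saml'))
  missing << 'disable SAML two-factor bypass (omniauth_allow_bypass_two_factor)' if bypass_on

  unless gitlab_rails['omniauth_block_auto_created_users'] == true
    missing << 'require admin approval for auto-created users (omniauth_block_auto_created_users)'
  end
  missing
end

# Constructed sample configurations (not from any real installation).
WEAK_CONFIG = {
  'omniauth_allow_bypass_two_factor' => ['saml'],   # SAML logins skip 2FA
  'omniauth_block_auto_created_users' => false      # new SSO users are active at once
}.freeze

HARDENED_CONFIG = {
  'omniauth_allow_bypass_two_factor' => false,
  'omniauth_block_auto_created_users' => true
}.freeze

def report(version, config, two_factor_enforced:)
  lines = ["GitLab #{version}: #{patch_status(version)}"]
  gaps = mitigations_missing(config, two_factor_enforced: two_factor_enforced)
  lines << (gaps.empty? ? 'interim mitigations: all in place' : "missing mitigations: #{gaps.join('; ')}")
  lines << 'only upgrading removes the ruby-saml flaw' unless patch_status(version) == :patched
  lines.join("\n")
end

if __FILE__ == $0
  puts report('17.8.3-ee', WEAK_CONFIG, two_factor_enforced: false)
  puts
  puts report('17.9.2-ee', HARDENED_CONFIG, two_factor_enforced: true)
end
```

Run it against the version shown at `/help` on the instance and the current gitlab.rb; an instance that reports `:vulnerable` with missing mitigations should have the mitigations applied today and the upgrade scheduled, since the mitigations only narrow what an impersonated session can reach.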

Source: https://www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities/