Create 20240927002-GitLab-Critical-Vulnerability.md

wagov · Sep 27, 2024 · b55a153 · b55a153
1 parent 9168372
commit b55a153
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/docs/advisories/20240927002-GitLab-Critical-Vulnerability.md b/docs/advisories/20240927002-GitLab-Critical-Vulnerability.md
@@ -0,0 +1,26 @@
+# GitLab Critical Vulnerability CVE-2024-45409 - #20240927002
+
+## Overview
+
+In a crucial security release, GitLab has addressed a severe vulnerability (CVE-2024-45409) in its Community Edition (CE) and Enterprise Edition (EE) platforms, impacting all self-managed installations. 
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE   | CVSS    | Severity     |
+| ---- | ---- | ----- | ------- | ------------ |
+| GitLab CE/EE | 17.x.x and 16.11.10 | [CVE-2024-45409](https://nvd.nist.gov/vuln/detail/CVE-2024-45409) | **9.8** | **Critical** |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)).
+
+
+## Additional References
+
+- [GitLab backports fix for CVE-2024-45409 to older versions](https://securityonline.info/gitlab-backports-fix-for-cve-2024-45409-to-older-versions/)
+- https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
+- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2