THREATOPS
THREAT OPSThreat News › SAML roulette: the hacker always wins

SAML roulette: the hacker always wins

infoportswigger_researchPublished 2025-03-18

Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library

Original source: https://portswigger.net/research/saml-roulette-the-hacker-always-wins