CVE-2024-45409

2024-09-1019:15:22

CWE-347

GitHub_M

web.nvd.nist.gov

ruby saml library

saml authorization

signature verification

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

Percentile

16.4%

JSON

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

Affected configurations

Vulners

Vulnrichment

Node

saml-toolkitsruby_samlRange<1.12.3

saml-toolkitsruby_samlRange1.13.0–1.17.0

VendorProductVersionCPE
saml-toolkitsruby_saml*cpe:2.3:a:saml-toolkits:ruby_saml:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
saml-toolkits	ruby_saml	*	cpe:2.3:a:saml-toolkits:ruby_saml::::::::

CNA Affected

[
  {
    "vendor": "SAML-Toolkits",
    "product": "ruby-saml",
    "versions": [
      {
        "version": "< 1.12.3",
        "status": "affected"
      },
      {
        "version": ">= 1.13.0, < 1.17.0",
        "status": "affected"
      }
    ]
  }
]