CVE-2024-1735

2024-02-2607:25:42

LY-Corporation

www.cve.org

cve-2024-1735

armeria-saml

vulnerability

saml messages

authentication bypass

upgrade

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.4

Confidence

High

EPSS

Percentile

9.0%

JSON

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

CNA Affected

[
  {
    "vendor": "LINE Corporation",
    "product": "Armeria",
    "versions": [
      {
        "version": "0.69.0",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "1.27.2"
      }
    ]
  }
]