Lucene search

K
githubGitHub Advisory DatabaseGHSA-J2JP-WVQG-WC2G
HistoryNov 29, 2022 - 11:55 p.m.

crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication

2022-11-2923:55:54
CWE-287
GitHub Advisory Database
github.com
20
crewjam saml vulnerability
authentication bypass
saml response
assertion elements
version 0.4.9
felix wilhelm
google project zero

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.0%

Impact

The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements.

Patches

This issue has been corrected in version 0.4.9.

Credit

This issue was reported by Felix Wilhelm from Google Project Zero.

Affected configurations

Vulners
Node
crewjamsamlRange<0.4.9
VendorProductVersionCPE
crewjamsaml*cpe:2.3:a:crewjam:saml:*:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.0%