GoogleOSV:GHSA-JW9C-MFG7-9RX2SAML authentication bypass via Incorrect XPath selector
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
16.4%
Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.
This vulnerability was reported by ahacker1 of SecureSAML ([email protected])
References
github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/CVE-2024-45409.yml
github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml
github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2024-45409.yml
github.com/SAML-Toolkits/ruby-saml
github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
nvd.nist.gov/vuln/detail/CVE-2024-45409
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
16.4%