Lucene search

K
osvGoogleOSV:GO-2022-1129
HistoryNov 29, 2022 - 6:03 p.m.

Authentication bypass in github.com/crewjam/saml

2022-11-2918:03:21
Google
osv.dev
26
authentication bypass
github
saml
processing
multiple assertion
software

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.0%

Authentication bypass is possible when processing SAML responses containing multiple Assertion elements.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.006

Percentile

78.0%