2 matches found
CVE-2026-9093
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...
PT-2026-44422
Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1 Description The SAML service provider implementation fails to validate the AudienceRestriction element in SAML assertions. This occurs because the buildSp function in object/saml sp.go does not set the...