5 matches found
CVE-2022-39300
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...
CVE-2022-39300
creationtimestamp| type| source ---|---|--- 2022-10-14 02:28:11+00:00| seen| https://t.me/cibsecurity/51368...
CVE-2022-39300 Signature bypass via multiple root elements in node-SAML
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...
CVE-2022-39300
CVE-2022-39300 affects node-saml (SAML 2.0 library used with passport-saml). Reports consistently describe a signature-bypass vulnerability where a remote attacker can bypass SAML authentication by manipulating an arbitrary IDP signed XML element, potentially enabling unauthenticated access depen...
@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2022-39300 via node-saml (=4.0.0-beta.2)
node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus =9.8.0, =9.14.4 Source cves: CVE-2022-39300 Source advisory: OSV:GHSA-5P8W-2MVW-38PV...