Lucene search
K

379 matches found

Prion
Prion
added 2019/04/17 2:29 p.m.16 views

Authentication flaw

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.5CVSS9.4AI score0.04636EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/04/17 2:29 p.m.11 views

Authentication flaw

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

7.5CVSS9.4AI score0.02512EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/17 2:29 p.m.4 views

CVE-2017-11429

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

9.8CVSS5.7AI score0.02381EPSS
Exploits1References2
OSV
OSV
added 2019/04/17 2:29 p.m.20 views

CVE-2017-11430

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

9.8CVSS6.9AI score
Exploits0References2
Cvelist
Cvelist
added 2019/04/17 2:1 p.m.30 views

CVE-2018-7340 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.7CVSS7.6AI score0.00934EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/04/17 2:0 p.m.52 views

CVE-2017-11430 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

7.7CVSS8.7AI score0.02415EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/04/17 2:0 p.m.41 views

CVE-2017-11429 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

7.7CVSS8.7AI score0.02381EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/04/17 1:59 p.m.39 views

CVE-2017-11428 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

7.7CVSS8.7AI score0.02512EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/04/17 1:59 p.m.45 views

CVE-2017-11427 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.7CVSS8.7AI score0.04636EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.5 views

PT-2019-7878 · Onelogin · Pythonsaml

Name of the Vulnerable Software and Affected Versions: OneLogin PythonSAML versions 2.3.0 and earlier Description: The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due ...

9.8CVSS7.1AI score0.04636EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.5 views

PT-2019-7879 · Onelogin +2 · Onelogin Ruby-Saml +2

Name of the Vulnerable Software and Affected Versions: OneLogin Ruby-SAML versions 1.6.0 and earlier Description: The issue may allow an attacker to manipulate SAML data without invalidating its cryptographic signature, potentially bypassing authentication to SAML service providers. This is due t...

10CVSS8.2AI score0.10684EPSS
Exploits4References19
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.7 views

PT-2019-7881 · Omniauth · Omniauth-Saml

Name of the Vulnerable Software and Affected Versions: OmniAuth OmniAuth-SAML versions 1.9.0 and earlier Description: The issue arises from incorrect utilization of XML DOM traversal and canonicalization APIs, allowing an attacker to manipulate SAML data without invalidating its cryptographic...

9.8CVSS9.6AI score0.02415EPSS
Exploits1References8
Node.js
Node.js
added 2018/04/24 4:13 p.m.24 views

Byass due to validation before canonicalization

Overview Versions of serve before 6.5.2 are vulnerable to the bypass of the ignore functionality. The bypass is possible because validation happens before canonicalization of paths and filenames. Example: Here we have a server that ignores the file test.txt. const serve = require'serve' const...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/04/20 9:28 p.m.63 views

Authentication bypass via incorrect XML canonicalization and DOM traversal

Overview Versions of saml2-js prior to 1.12.4 or 2.0.2 are vulnerable to authentication bypass. The saml2-js library may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the...

7.2AI score
Exploits0Affected Software1
Prion
Prion
added 2018/03/30 8:29 p.m.18 views

Directory traversal

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

7.5CVSS9.4AI score0.01598EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/03/30 8:29 p.m.17 views

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

9.8CVSS9.5AI score0.01598EPSS
Exploits0References1
OSV
OSV
added 2018/03/30 8:29 p.m.9 views

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

9.8CVSS5.8AI score0.01598EPSS
Exploits0References1
CVE
CVE
added 2018/03/30 8:0 p.m.66 views

CVE-2018-3822

Elastic X-Pack Security (part of Elasticsearch) versions 6.2.0–6.2.2 are affected by CVE-2018-3822 due to improper XML canonicalization and DOM traversal in the SAML implementation, enabling a user impersonation attack if the SAML IdP allows self-registration with arbitrary identifiers and an att...

9.8CVSS9.5AI score0.01598EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/30 8:0 p.m.17 views

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

9.6AI score0.01598EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/03/30 12:0 a.m.6 views

PT-2018-16216 · Elastic · X-Pack Security

Name of the Vulnerable Software and Affected Versions: X-Pack Security versions 6.2.0 through 6.2.2 Description: The issue allows for a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might impersonate a legitimate user if the SAML Identity Provider...

9.8CVSS9.4AI score0.01598EPSS
Exploits0References2
Rows per page
Query Builder