Lucene search
K

39 matches found

OSV
OSV
added 2021/04/22 2:15 p.m.11 views

CVE-2021-27736

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

6.5CVSS6.8AI score
Exploits0References3
Prion
Prion
added 2021/04/22 2:15 p.m.13 views

Design/Logic Flaw

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

4CVSS6.5AI score0.01281EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/04/22 1:14 p.m.21 views

CVE-2021-27736

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely...

6.7AI score0.01281EPSS
Exploits1References3
CVE
CVE
added 2021/04/22 1:14 p.m.42 views

CVE-2021-27736

Summary: CVE-2021-27736 affects FusionAuth’s fusionauth-samlv2 library prior to 0.5.4. The issue is an XML External Entity (XXE) vulnerability in parseFromBytes, which uses javax.xml.parsers.DocumentBuilderFactory unsafely on forged AuthnRequest or LogoutRequest messages. This can lead to disclos...

6.5CVSS6.4AI score0.01281EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/04/22 12:0 a.m.4 views

FusionAuth fusionauth-samlv2 代码问题漏洞

fusionauth fusionauth-samlv2 is a personal developer of a JAVA library that provides JAXB functionality . The library can mainly handle SAML requests and replies for scenarios such as single sign-on. A security vulnerability exists in FusionAuth fusionauth-samlv2 versions prior to 0.5.4 that allo...

6.5CVSS6.5AI score0.01281EPSS
Exploits1References4
Check Point Advisories
Check Point Advisories
added 2020/11/18 12:0 a.m.4 views

FusionAuth Command Injection (CVE-2020-7799)

A command injection vulnerability exists in FusionAuth. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.7AI score0.19807EPSS
Exploits3
0day.today
0day.today
added 2020/10/03 12:0 a.m.53 views

FusionAuth SAML v 2 0.2.3 Message Forging Vulnerability

Unauthenticated users can send forged messages to the FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be send to the application without a signature even if this is required. The impact depends on individual applications that implement...

9.1CVSS9.2AI score0.02906EPSS
Exploits3
NVD
NVD
added 2020/10/02 8:15 p.m.38 views

CVE-2020-12676

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack"...

9.1CVSS0.02906EPSS
Exploits3References5
Prion
Prion
added 2020/10/02 8:15 p.m.13 views

Authentication flaw

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack"...

6.4CVSS9.2AI score0.02906EPSS
Exploits3References5Affected Software1
CVE
CVE
added 2020/10/02 7:40 p.m.75 views

CVE-2020-12676

FusionAuth fusionauth-samlv2 0.2.3 is vulnerable to a Signature Exclusion Attack: remote attackers can forge SAML messages and bypass authentication when a SAML assertion lacks a Signature element. The Red Hat/Red Hat advisory and other connected sources confirm the affected version and behavior....

9.1CVSS9.2AI score0.02906EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2020/10/02 7:40 p.m.50 views

CVE-2020-12676

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack"...

9.4AI score0.02906EPSS
Exploits3References5
Packet Storm
Packet Storm
added 2020/10/02 12:0 a.m.457 views

FusionAuth-SAMLv2 0.2.3 Message Forging

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SAML v2.0 bindings in Java using JAXB Vendor: FusionAuth CSNC ID: CSNC-2020-002 CVE ID: CVE-2020-12676 Subject: Signature Exclusion Attack Risk: High Effect: Remotely exploitable Author: Felix Sieges Date:...

9.4AI score0.02906EPSS
Exploits3
0day.today
0day.today
added 2020/01/29 12:0 a.m.124 views

FusionAuth 1.10 Remote Command Execution Vulnerability

FusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions either site templates or e-mail templates in the FusionAuth dashboard can execute commands on the underlying operating...

7.2AI score0.19807EPSS
Exploits3
NVD
NVD
added 2020/01/28 1:15 p.m.23 views

CVE-2020-7799

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...

9CVSS7AI score0.19807EPSS
Exploits3References4
OSV
OSV
added 2020/01/28 1:15 p.m.5 views

CVE-2020-7799

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...

7.2CVSS7.2AI score0.19807EPSS
Exploits3References4
Prion
Prion
added 2020/01/28 1:15 p.m.23 views

Design/Logic Flaw

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...

9CVSS7AI score0.19807EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/01/28 12:46 p.m.29 views

CVE-2020-7799

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...

7.1AI score0.19807EPSS
Exploits3References4
CVE
CVE
added 2020/01/28 12:46 p.m.65 views

CVE-2020-7799

CVE-2020-7799 affects FusionAuth before 1.11.0. An authenticated user with access to template editing (Email Templates or Themes in the FusionAuth dashboard) can abuse freemarker.template.utility.Execute in Apache FreeMarker to execute operating system commands. The vulnerability is a command-inj...

9CVSS7AI score0.19807EPSS
Exploits3References4Affected Software1
Packet Storm
Packet Storm
added 2020/01/27 12:0 a.m.126 views

FusionAuth 1.10 Remote Command Execution

@Mediaservice.net Security Advisory 2020-03 last updated on 2020-01-27 Title: FusionAuth command execution via Apache Freemarker Template Application: FusionAuth 1.10 and lower Platforms: Tested on Windows 10 and Ubuntu 19.10 Description: An authenticated attacker with enough privileges to access...

0.2AI score0.19807EPSS
Exploits3
Rows per page
Query Builder