2 matches found
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the buildSp function, which fails to set the AudienceURI and does not inspect the WarningInfo.NotInAudience field. An attacker can gain unauthorized access by submitting SAML assertions intended for other...
GHSA-3W4H-G9F5-J84P Casdoor does not validate the AudienceRestriction element in SAML assertions
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...