201 matches found
PYSEC-2020-94
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
Information disclosure
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +6 more potentially affected by CVE-2020-5390 via pysaml2 (>=4.0.2 <=4.8.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2020-5390 Source advisory: OSV:PYSEC-2020-94...
PYSEC-2020-94
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping XSW. The signature information and the node/object that is signed can be in different places and thus the signature...
CVE-2020-5390
CVE-2020-5390 affects PySAML2 prior to 5.0.0 where SAML signature enveloping is not checked, enabling XML Signature Wrapping (XSW) and causing the verification to succeed while using the wrong data (e.g., assertions). The connected documents indicate a fix is available: PySAML2 patch CVE-2020-539...
PT-2020-5164 · Pysaml2 +2 · Pysaml2 +2
Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 5.0.0 Description: The issue is related to incorrect verification of cryptographic signatures in SAML2 documents, allowing a remote attacker to bypass signature checks and access protected information. This is due to...
SUSE-SU-2019:2671-1 Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer
This update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easydiff, sleshammer fixes the following issues: In python-pysaml2 the followin...
XML External Entity (XXE)
PySAML2 is vulnerable to XML external entity attacks XXE. The vulnerability allows remote malicious users to read arbitrary files using a SAMPL XML request or response as the injection vector for the XXE attack...
Ubuntu: Security Advisory (USN-3520-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-3402-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Pysaml2 improperly initializes encryption vector
Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +5 more potentially affected by CVE-2017-1000246 via pysaml2 (>=4.0.2 <=4.5.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.2.1, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000246 Source advisory: OSV:GHSA-CQ94-QF6Q-MF2H...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10149 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10149 Source advisory: OSV:GHSA-C2VX-49JM-H3F6...
Pysaml2 does not sanitize XML responses
XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
GHSA-C2VX-49JM-H3F6 Pysaml2 does not sanitize XML responses
XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
GHSA-924M-4PMX-C67H pysaml2 Improper Authentication vulnerability
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
pysaml2 Improper Authentication vulnerability
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2017-1000433 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000433 Source advisory: OSV:GHSA-924M-4PMX-C67H...