201 matches found

Debian CVE
added 2021/01/21 2:15 p.m. · 15 views

CVE-2021-21238

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

CVSS 6.5 · AI score 6.8 · EPSS 0.01078
Exploits 0

CVE
added 2021/01/21 2:15 p.m. · 114 views

CVE-2021-21238

PySAML2 (Python-based SAML 2.0 implementation) is affected by an improper verification of cryptographic signatures in versions prior to 6.5.0. The flaw is a variant of XML Signature wrapping: PySAML2 did not validate the SAML document against an XML schema, allowing an invalid XML document with a...

CVSS 6.5 · AI score 6.3 · EPSS 0.01078
Exploits 0 · References 4 · Affected Software 1

AlpineLinux
added 2021/01/21 2:15 p.m. · 27 views

CVE-2021-21238

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

CVSS 6.5 · AI score 4 · EPSS 0.01078
Exploits 0

Cvelist
added 2021/01/21 2:15 p.m. · 16 views

CVE-2021-21238 SAML XML Signature wrapping

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

CVSS 6.5 · AI score 6.5 · EPSS 0.01078
Exploits 0 · References 4

Debian CVE
added 2021/01/21 2:15 p.m. · 20 views

CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

CVSS 6.5 · AI score 6.7 · EPSS 0.0118
Exploits 3

Cvelist
added 2021/01/21 2:15 p.m. · 27 views

CVE-2021-21239 Open default xmlsec1 key-type preference

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

CVSS 6.5 · AI score 6.7 · EPSS 0.0118
Exploits 3 · References 6

CVE
added 2021/01/21 2:15 p.m. · 223 views

CVE-2021-21239

CVE-2021-21239 affects PySAML2 (pre-6.5.0) and stems from improper verification of SAML signatures when using the default CryptoBackendXmlSec1 backend. The underlying xmlsec1 verification can accept arbitrary keys embedded in the document instead of restricting to trusted IdP certificates, enabli...

CVSS 6.5 · AI score 6.4 · EPSS 0.0118
Exploits 3 · References 6 · Affected Software 1

AlpineLinux
added 2021/01/21 2:15 p.m. · 25 views

CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

CVSS 6.5 · AI score 3.2 · EPSS 0.0118
Exploits 3

vulnersOsv
added 2021/01/21 2:12 p.m. · 5 views

django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21239 via pysaml2 (>=4.0.2 <=5.0.0)

pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21239 Source advisory: OSV:GHSA-5P3X-R448-PC62...

CVSS 6.5 · AI score 6.8 · EPSS 0.0118
Exploits 3

Github Security Blog
added 2021/01/21 2:12 p.m. · 179 views

Improper Verification of Cryptographic Signature in PySAML2

Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the...

CVSS 6.5 · AI score 0.8 · EPSS 0.0118
Exploits 3 · References 9 · Affected Software 1

OSV
added 2021/01/21 2:12 p.m. · 29 views

GHSA-5P3X-R448-PC62 Improper Verification of Cryptographic Signature in PySAML2

Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the...

CVSS 6.9 · AI score 6.5 · EPSS 0.0118
Exploits 3 · References 9

OSV
added 2021/01/21 2:12 p.m. · 15 views

GHSA-F4G9-H89H-JGV9 SAML XML Signature wrapping in PySAML2

Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elemen...

CVSS 6.5 · AI score 6.5 · EPSS 0.01078
Exploits 0 · References 7

vulnersOsv
added 2021/01/21 2:12 p.m. · 8 views

django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21238 via pysaml2 (>=4.0.2 <=5.0.0)

pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21238 Source advisory: OSV:GHSA-F4G9-H89H-JGV9...

CVSS 6.5 · AI score 6.8 · EPSS 0.01078
Exploits 0

Github Security Blog
added 2021/01/21 2:12 p.m. · 58 views

SAML XML Signature wrapping in PySAML2

Impact: All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elemen...

CVSS 6.5 · AI score 2.4 · EPSS 0.01078
Exploits 0 · References 7 · Affected Software 1

CNNVD
added 2021/01/21 12:00 a.m. · 6 views

Idpy Pysaml2 Data Forgery Issue Vulnerability

Idpy Pysaml2 is a Python-based SAML server implementation from the Idpy community. Idpy PySAML2 before 6.5.0 suffers from a data forgery issue vulnerability that stems from a cryptographic signature validation error...

CVSS 6.5 · AI score 6.9 · EPSS 0.0118
Exploits 3 · References 13

Positive Technologies
added 2021/01/21 12:00 a.m. · 4 views

PT-2021-8018 · Pypi +2 · Pysaml2 +2

Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 6.5.0 Description: The issue is related to an improper verification of cryptographic signatures, specifically a variant of XML Signature wrapping. This occurs because PySAML2 does not validate SAML documents against ...

CVSS 9.8 · AI score 6.5 · EPSS 0.99856
Exploits 14 · References 92

FreeBSD
added 2021/01/20 12:00 a.m. · 28 views

pysaml2 -- multiple vulnerabilities

pysaml2 Releases: Fix processing of invalid SAML XML documents - CVE-2021-21238 Fix unspecified xmlsec1 key-type preference - CVE-2021-21239...

CVSS 6.5 · AI score 2.1 · EPSS 0.0118
Exploits 3 · References 3

BDU FSTEC
added 2020/12/22 12:00 a.m. · 4 views

The vulnerability of the authentication library for exchanging identification data according to the SAML2 standard, related to incorrect verification of the cryptographic signature of the data, allows a perpetrator to bypass the signature verification and gain access to protected information.

The vulnerability of the authentication library for exchanging identification data according to the SAML2 standard, implemented with PySAML2, is related to incorrect verification of the cryptographic signature of the data. Exploiting this vulnerability could allow a malicious actor to bypass the...

CVSS 7.8 · AI score 7.2 · EPSS 0.01207
Exploits 0 · References 5 · Affected Software 3

OSV
added 2020/12/21 12:51 p.m. · 10 views

SUSE-SU-2020:3897-1 Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark

This update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila,...

CVSS 9.8 · AI score 8.8 · EPSS 0.4478
Exploits 9 · References 16

vulnersOsv
added 2020/05/06 7:41 p.m. · 5 views

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +6 more potentially affected by CVE-2020-5390 via pysaml2 (>=4.0.2 <=4.8.0)

pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2020-5390 Source advisory: OSV:GHSA-QF7V-8HJ3-4XW7...

CVSS 7.5 · AI score 7.1 · EPSS 0.01207
Exploits 0