201 matches found

GitHub Security Blog
added 2020/05/06 7:41 p.m., 71 views

Improper Verification of Cryptographic Signature in PySAML2

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5, AI score 7.2, EPSS 0.01207
Exploits: 0, References: 12, Affected Software: 1

OSV
added 2020/05/06 7:41 p.m., 19 views

GHSA-QF7V-8HJ3-4XW7 Improper Verification of Cryptographic Signature in PySAML2

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 8.7, AI score 7.4, EPSS 0.01207
Exploits: 0, References: 13

Tenable Nessus
added 2020/02/27 12:0 a.m., 26 views

Debian DLA-2119-1 : python-pysaml2 security update

It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. For Debian 8 'Jessie', this problem has been fixed in version 2.0.0-1+deb8u3. We recommend...

CVSS 7.5, AI score 7.3, EPSS 0.01207
Exploits: 0, References: 3

OpenVAS
added 2020/02/27 12:0 a.m., 38 views

Debian: Security Advisory (DLA-2119-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0, References: 3

Debian
added 2020/02/26 11:17 a.m., 52 views

[SECURITY] [DLA 2119-1] python-pysaml2 security update

Package : python-pysaml2 Version : 2.0.0-1+deb8u3 CVE ID : CVE-2020-5390 Debian Bug : 949322 It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verificatio...

CVSS 7.5, AI score 7.4, EPSS 0.01207
Exploits: 0

OSV
added 2020/02/26 12:0 a.m., 17 views

DLA-2119-1 python-pysaml2 - security update

Bulletin has no description...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0

Tenable Nessus
added 2020/02/24 12:0 a.m., 23 views

Debian DSA-4630-1 : python-pysaml2 - security update

It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0, References: 5

OpenVAS
added 2020/02/23 12:0 a.m., 23 views

Debian: Security Advisory (DSA-4630-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0, References: 4

Debian
added 2020/02/21 8:21 p.m., 115 views

[SECURITY] [DSA 4630-1] python-pysaml2 security update

Debian Security Advisory DSA-4630-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2020 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 7.4, EPSS 0.01207
Exploits: 0

OSV
added 2020/02/21 12:0 a.m., 20 views

DSA-4630-1 python-pysaml2 - security update

Bulletin has no description...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0

RedhatCVE
added 2020/01/24 2:9 p.m., 23 views

CVE-2020-5390

A verification flaw was found in python-pysaml2, where it did not check that the signature in a SAML document was enveloped, which enabled XML signature wrapping (XSW) attacks. A remote attacker could exploit this flaw to convince SAML processing to verify the signature and accept malicious data...

CVSS 7.5, AI score 2, EPSS 0.01207
Exploits: 0, References: 3

Tenable Nessus
added 2020/01/22 12:0 a.m., 30 views

Ubuntu 16.04 LTS / 18.04 LTS : PySAML2 vulnerability (USN-4245-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4245-1 advisory. It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with...

CVSS 7.5, AI score 7.8, EPSS 0.01207
Exploits: 0, References: 2

OpenVAS
added 2020/01/22 12:0 a.m., 19 views

Ubuntu: Security Advisory (USN-4245-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0, References: 2

Ubuntu
added 2020/01/21 4:41 p.m., 55 views

USN-4245-1: PySAML2 vulnerability

It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0

OSV
added 2020/01/21 4:41 p.m., 2 views

USN-4245-1 python-pysaml2 vulnerability

It was discovered that PySAML2 incorrectly handled certain SAML files. An attacker could possibly use this issue to bypass signature verification with arbitrary data...

CVSS 7.5, AI score 7.2, EPSS 0.01207
Exploits: 0, References: 2

Veracode
added 2020/01/14 12:57 a.m., 18 views

XML Signature Wrapping

pySAML2 is vulnerable to XML signature wrapping. The signature validation function checksignature does not properly validate the signature in a SAML document, allowing an attacker to bypass signature verification with arbitrary data...

CVSS 7.5, AI score 3.1, EPSS 0.01207
Exploits: 0, References: 8, Affected Software: 1

NVD
added 2020/01/13 7:15 p.m., 10 views

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5, AI score 7.5, EPSS 0.01207
Exploits: 0, References: 8

OSV
added 2020/01/13 7:15 p.m., 1 view

DEBIAN-CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5, AI score 7.6, EPSS 0.01207
Exploits: 0, References: 1

OSV
added 2020/01/13 7:15 p.m., 25 views

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5, AI score 7.5
Exploits: 0, References: 8

UbuntuCve
added 2020/01/13 7:15 p.m., 16 views

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5, AI score 7, EPSS 0.01207
Exploits: 0, References: 7