Lucene search
K

367 matches found

OSV
OSV
added 2025/05/06 9:18 p.m.6 views

GHSA-8GQJ-226H-GM8R Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...

8.6CVSS6.8AI score0.00326EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/06 9:18 p.m.35 views

Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Am I Affected? You are affected by this SAML Signature Wrapping vulnerability if you a...

9.3CVSS6.9AI score0.00369EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/06 9:18 p.m.7 views

GHSA-WJMP-WPHQ-JVQF Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Am I Affected? You are affected by this SAML Signature Wrapping vulnerability if you a...

9.3CVSS6.8AI score0.00369EPSS
Exploits0References4
NVD
NVD
added 2025/05/06 9:16 p.m.59 views

CVE-2025-46572

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS0.00369EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 8:22 p.m.66 views

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/06 8:22 p.m.8 views

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.2CVSS6.6AI score0.00326EPSS
Exploits0References2
CVE
CVE
added 2025/05/06 8:22 p.m.64 views

CVE-2025-46573

passport-wsfed-saml2 versions 3.0.5–4.6.3 are vulnerable to impersonation during SAML authentication by tampering with a valid SAML response (adding attributes). The vulnerability occurs when the SP uses passport-wsfed-saml2 and a valid SAML Response signed by the IdP is obtainable. Version 4.6.4...

8.6CVSS6.7AI score0.00326EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 8:22 p.m.20 views

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS6.7AI score0.00326EPSS
Exploits0References4
CVE
CVE
added 2025/05/06 8:18 p.m.78 views

CVE-2025-46572

Summary of CVE-2025-46572 (passport-wsfed-saml2): A SAML-based impersonation vulnerability affects versions 3.0.5 through 4.6.3 of passport-wsfed-saml2 when the Service Provider uses this module and a valid SAML document signed by the IdP can be obtained. An attacker can craft a SAMLResponse to i...

9.3CVSS6.6AI score0.00369EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/06 8:18 p.m.8 views

CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS6.9AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 8:18 p.m.19 views

CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS6.7AI score0.00369EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/06 8:18 p.m.58 views

CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.7 views

PT-2025-19970 · Unknown · Passport-Wsfed-Saml2

Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions 3.0.5 through 4.6.3 Description: A vulnerability in passport-wsfed-saml2 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding...

8.6CVSS6.3AI score0.00326EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.4 views

PT-2025-19969 · Auth0 · Passport-Wsfed-Saml2

Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions 3.0.5 through 4.6.3 Description: A vulnerability in passport-wsfed-saml2 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by...

9.3CVSS6.3AI score0.00369EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/04/13 11:38 a.m.13 views

CVE-2025-23389

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4CVSS6.5AI score0.00444EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/04/11 11:15 a.m.2 views

CVE-2025-23389

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4CVSS7.3AI score0.00444EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/04/11 11:15 a.m.27 views

CVE-2025-23389

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4CVSS0.00444EPSS
Exploits0References2
OSV
OSV
added 2025/04/11 11:15 a.m.12 views

CVE-2025-23389

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4CVSS6.5AI score0.00444EPSS
Exploits0References2
CVE
CVE
added 2025/04/11 10:46 a.m.77 views

CVE-2025-23389

CVE-2025-23389 is an improper access control flaw in Rancher where a local user can impersonate other identities during first login via SAML. Affected Rancher releases: 2.8.0–2.8.13, 2.9.0–2.9.7, and 2.10.0–2.10.3. Impact per sources: high, with potential confidentiality and integrity impacts and...

8.4CVSS8.2AI score0.00444EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/11 10:46 a.m.7 views

CVE-2025-23389 Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login

A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4CVSS6.6AI score0.00444EPSS
Exploits0References2
Rows per page
Query Builder