4 matches found
CVE-2024-5328
CVE-2024-5328 affects lunary-ai/lunary. The issue is an SSRF in the /auth/saml/tto/download-idp-xml endpoint where user-supplied URLs are not validated before being used in server-side requests. Consequences described include disclosure of sensitive information, potential service disruption, and t...
auth-saml (=0.0.1), authx (>=1.2.0 <=1.2.4) +2 more potentially affected by unknown CVE via saml2-js (>=1.10.0 <=1.12.4)
saml2-js NPM version =1.10.0, =1.2.0, =0.0.1, =0.10.0, =0.11.3 Source cves: unknown CVE Source advisory: OSV:GHSA-MFCP-34XW-P57X...
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...
CVE-2012-2351
The vulnerability CVE-2012-2351 affects Mahara’s auth/saml plugin. In Mahara versions older than 1.4.2, the default setting for “Match username attribute to Remote username” is false, enabling a remote SAML IdP to spoof users on other IdPs by reusing the same internal username. This is a configur...