Lucene search
K

43 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.13 views

CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

8.1CVSS5.5AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.15 views

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

7.5CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

9.1CVSS5.9AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 p.m.14 views

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

9.1CVSS0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:31 p.m.11 views

CVE-2026-9098 CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

5.8AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:27 p.m.33 views

CVE-2026-9096 CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:27 p.m.8 views

CVE-2026-9096 CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

5.8AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:25 p.m.30 views

CVE-2026-9095 CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:25 p.m.14 views

EUVD-2026-32949

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

8.1CVSS5.9AI score0.00298EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:25 p.m.24 views

CVE-2026-9095

Casdoor CVE-2026-9095 affects versions 2.362.0 and earlier. The ParseSamlResponse() in object/saml_sp.go maps retrieved SAML assertions directly to user sessions without replay protection, lacking an assertion ID cache, OneTimeUse enforcement, or replay detection in the SAML SP code path. This en...

8.1CVSS5.9AI score0.00298EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:25 p.m.9 views

CVE-2026-9094

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/tokenoauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This c...

5.8AI score0.0042EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:21 p.m.12 views

CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

5.8AI score0.00365EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:20 p.m.8 views

CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 4:17 p.m.33 views

CVE-2026-9090

Casdoor versions 2.362.0 and earlier are affected by an authentication bypass when the buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted IdP certificate. This allows forging SAML assertions with an attacker‑control...

9.1CVSS5.9AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:17 p.m.33 views

CVE-2026-9090 CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the buildSpCertificateStore function, which directly extracted X.509...

9.1CVSS5.8AI score0.00201EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from unverified email binding issues, which could lead to account...

9.1CVSS5.8AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44421

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the email verified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from logical flaws in the social login binding process, allowing users to...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/04 5:0 p.m.4 views

CVE-2026-5469

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not...

7.2CVSS5.6AI score0.00301EPSS
Exploits0References1
Rows per page
Query Builder