CVE-2018-1000165
CVE-2018-1000165 affects LightSAML prior to version 1.3.5, where an Incorrect Access Control flaw in the signature validation logic for readers (src/LightSaml/Model/XmlDSig/) could allow impersonation of a user from the Identity Provider. The vulnerability’s root cause is insufficient access cont...