Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.10 views

CVE-2022-23610

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...

9.1CVSS6.7AI score0.0067EPSS
Exploits0References1
CVE
CVE
added 2022/03/16 5:40 p.m.119 views

CVE-2022-23610

CVE-2022-23610 affects wire-server before 2022-01-27, where an upstream library used for parsing/validating SAML XML could accept attacker-provided public keys as trusted in signatures. This enabled an attacker to bypass SAML SSO and impersonate any Wire user with SAML credentials, including crea...

9.1CVSS8.1AI score0.0067EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/03/16 5:40 p.m.9 views

CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...

9.1CVSS9.2AI score0.0067EPSS
Exploits0References2
OSV
OSV
added 2022/03/16 5:40 p.m.8 views

CVE-2022-23610 Improper Verification of Cryptographic Signature in wire-server

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...

9.1CVSS7.8AI score0.0067EPSS
Exploits0References4
Rows per page
Query Builder