Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/08 8:39 p.m.19 views

CVE-2025-46573

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS7AI score0.00326EPSS
Exploits0References1
NVD
NVD
added 2025/05/06 9:16 p.m.73 views

CVE-2025-46573

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS0.00326EPSS
Exploits0References2
CVE
CVE
added 2025/05/06 8:22 p.m.65 views

CVE-2025-46573

passport-wsfed-saml2 versions 3.0.5–4.6.3 are vulnerable to impersonation during SAML authentication by tampering with a valid SAML response (adding attributes). The vulnerability occurs when the SP uses passport-wsfed-saml2 and a valid SAML Response signed by the IdP is obtainable. Version 4.6.4...

8.6CVSS6.7AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 8:22 p.m.67 views

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS0.00326EPSS
Exploits0References2
OSV
OSV
added 2025/05/06 8:22 p.m.23 views

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS6.7AI score0.00326EPSS
Exploits0References4
Rows per page
Query Builder