14178 matches found

Github Security Blog
added 2024/09/10 7:42 p.m. · 52 views

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

CVSS 10 · AI score 7 · EPSS 0.10684
Exploits 2 · References 10 · Affected Software 1
OSV
added 2024/09/10 7:15 p.m. · 4 views

DEBIAN-CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 9.8 · AI score 8 · EPSS 0.10684
Exploits 2 · References 1
NVD
added 2024/09/10 7:15 p.m. · 29 views

CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 · EPSS 0.10684
Exploits 2 · References 8
OSV
added 2024/09/10 7:15 p.m. · 0 views

UBUNTU-CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 · AI score 7.4 · EPSS 0.10684
Exploits 2 · References 4
Vulnrichment
added 2024/09/10 6:50 p.m. · 58 views

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 · AI score 7.2 · EPSS 0.10684
Exploits 2 · References 4
CVE
added 2024/09/10 6:50 p.m. · 351 views

CVE-2024-45409

CVE-2024-45409 affects the Ruby-SAML library used for SAML client functionality. Ubuntu/Debian advisories and IBM/GitHub entries confirm that versions <= 12.2 and 1.13.0

CVSS 10 · AI score 9.3 · EPSS 0.10684
Exploits 2 · References 8 · Affected Software 1
Cvelist
added 2024/09/10 6:50 p.m. · 68 views

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 · EPSS 0.10684
Exploits 2 · References 4
OSV
added 2024/09/10 6:50 p.m. · 50 views

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 · AI score 9.4 · EPSS 0.10684
Exploits 2 · References 10
Debian CVE
added 2024/09/10 6:50 p.m. · 19 views

CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...

CVSS 10 · AI score 8 · EPSS 0.10684
Exploits 2
OpenVAS
added 2024/09/10 12:00 a.m. · 9 views

Fedora: Security Advisory (FEDORA-2023-28962dd58a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...

AI score 7.5
Exploits 0 · References 3
Positive Technologies
added 2024/09/10 12:00 a.m. · 4 views

PT-2024-6310 · Gitlab +2

Name of the Vulnerable Software and Affected Versions: Ruby-SAML versions prior to 1.17.0; Ruby-SAML versions 1.13.0 through 1.16.0; GitLab versions prior to 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10. Description: The vulnerability is related to the Ruby SAML library, which is used for implementi...

CVSS 10 · AI score 8.7 · EPSS 0.10684
Exploits 3 · References 195
CNNVD
added 2024/09/10 12:00 a.m. · 43 views

Ruby SAML data forgery vulnerability

Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A data forgery vulnerability exists in Ruby SAML that stems from Ruby-SAML's inability to properly verify the signature of a SAML response, allowing an attacker to log in to a vulnerable system as an...

CVSS 10 · AI score 9.5 · EPSS 0.10684
Exploits 2 · References 5
OSV
added 2024/09/06 11:09 a.m. · 5 views

OESA-2024-2114 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, like Perl. Security Fixes: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when ...

CVSS 7.5 · AI score 6.8 · EPSS 0.01379
Exploits 0 · References 4
OpenVAS
added 2024/09/06 12:00 a.m. · 21 views

Debian: Security Advisory (DLA-3877-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...

CVSS 8.8 · AI score 7.1 · EPSS 0.0193
Exploits 1 · References 2
Debian
added 2024/09/05 1:57 p.m. · 11 views

[SECURITY] [DLA 3877-1] ruby-sinatra security update

Debian LTS Advisory DLA-3877-1 · [email protected] · https://www.debian.org/lts/security/ · Jochen Sprickerhof · September 05, 2024 · https://wiki.debian.org/LTS · Package: ruby-sinatra · Version: 2.0.8.1-2+deb11u1 · CVE ID: CVE-2022-29970 CVE-2022-45442 · Debian Bug: 1014717 1070953 · Sinatra is an op...

CVSS 8.8 · AI score 6.7 · EPSS 0.0193
Exploits 1
Tenable Nessus
added 2024/09/05 12:00 a.m. · 13 views

Debian dla-3877 : ruby-rack-protection - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3877 advisory. Debian LTS Advisory DLA-3877-1 · [email protected]...

CVSS 8.8 · AI score 6.9 · EPSS 0.0193
Exploits 1 · References 6
OSV
added 2024/09/05 12:00 a.m. · 23 views

DLA-3877-1 ruby-sinatra - security update

Bulletin has no description...

CVSS 8.8 · AI score 8.2 · EPSS 0.0193
Exploits 1
Debian
added 2024/09/03 10:14 a.m. · 11 views

[SECURITY] [DLA 3868-1] ruby-nokogiri security update

Debian LTS Advisory DLA-3868-1 · [email protected] · https://www.debian.org/lts/security/ · Sean Whitton · September 03, 2024 · https://wiki.debian.org/LTS · Package: ruby-nokogiri · Version: 1.11.1+dfsg-2+deb11u1 · CVE ID: CVE-2022-24836 · Debian Bug: 1009787 · A vulnerability was discovered in...

CVSS 7.5 · AI score 7 · EPSS 0.03354
Exploits 0
Debian
added 2024/09/03 8:10 a.m. · 12 views

[SECURITY] [DLA 3866-1] ruby-tzinfo security update

Debian LTS Advisory DLA-3866-1 · [email protected] · https://www.debian.org/lts/security/ · Adrian Bunk · September 03, 2024 · https://wiki.debian.org/LTS ...

CVSS 8.1 · AI score 6.1 · EPSS 0.01777
Exploits 1
OpenVAS
added 2024/09/03 12:00 a.m. · 14 views

Debian: Security Advisory (DLA-3866-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...

CVSS 8.1 · AI score 7.1 · EPSS 0.01777
Exploits 1 · References 2