7 matches found
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...
GO-2025-3505 Fleet has SAML authentication vulnerability due to improper SAML response validation in github.com/fleetdm/fleet
Fleet has SAML authentication vulnerability due to improper SAML response validation in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
GHSA-52JX-G6M5-H735 Fleet has SAML authentication vulnerability due to improper SAML response validation
Summary A vulnerability in Fleet’s SAML authentication handling could allow an attacker to forge authentication assertions and gain unauthorized access to Fleet. In certain configurations, this could result in the creation of new user accounts, including administrative accounts. This issue affect...
Fleet has SAML authentication vulnerability due to improper SAML response validation
Summary A vulnerability in Fleet’s SAML authentication handling could allow an attacker to forge authentication assertions and gain unauthorized access to Fleet. In certain configurations, this could result in the creation of new user accounts, including administrative accounts. This issue affect...
CVE-2025-27509 SAML authentication vulnerability due to improper SAML response validation
fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time JIT provisioning is enabled, or create new...
CVE-2025-27509 SAML authentication vulnerability due to improper SAML response validation
fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time JIT provisioning is enabled, or create new...