Lucene search
+L

12 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 6:17 p.m.15 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS6.8AI score0.02512EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.51 views

CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...

5.3CVSS6.6AI score0.00889EPSS
Exploits0References2
OSV
OSV
added 2019/07/05 9:11 p.m.55 views

GHSA-94HM-8Q65-RMXM OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

7.7CVSS9.4AI score0.02415EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2019/07/05 9:11 p.m.35 views

OmniAuth-SAML authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

9.8CVSS9.1AI score0.02415EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/05 9:11 p.m.33 views

Ruby-SAML Improper Authentication vulnerability

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS4.8AI score0.02512EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2019/04/17 2:29 p.m.16 views

Authentication flaw

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.5CVSS9.4AI score0.04636EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/04/17 2:29 p.m.12 views

Authentication flaw

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

7.5CVSS9.4AI score0.02512EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2019/04/17 2:29 p.m.25 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS7.1AI score0.02512EPSS
Exploits1References4
OSV
OSV
added 2019/04/17 2:29 p.m.17 views

PYSEC-2019-198

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS4.9AI score0.04636EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/04/17 2:0 p.m.53 views

CVE-2017-11430 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

7.7CVSS8.7AI score0.02415EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2019/04/17 1:59 p.m.59 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS8.7AI score0.02512EPSS
Exploits1
CVE
CVE
added 2019/04/17 1:59 p.m.100 views

CVE-2017-11427

Affected software: OneLogin PythonSAML (PythonSAML) with version 2.3.0 and earlier. Root cause: Incorrect use of XML DOM traversal and canonicalization APIs, enabling manipulation of SAML data while preserving the cryptographic signature. Impact: Potential bypass of authentication to SAML service...

9.8CVSS8.6AI score0.04636EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder