CVE-2022-26493
CVE-2022-26493 affects Xecurify’s miniOrange Drupal SAML SP modules (Premium, Standard, Enterprise) for Drupal 7, 8, and 9. The root cause is an authentication/authorization bypass via removing the SAML Assertion Signature, allowing an attacker who can intercept HTTP requests to impersonate exist...