Lucene search
K
OmniauthOmniauth Saml

5 matches found

CVE
CVE
added 2025/03/12 8:53 p.m.2057 views

CVE-2025-25292

Ruby-saml contains an authentication bypass vulnerability caused by a parser differential between ReXML and Nokogiri. The issue affects versions older than 1.12.4 and 1.18.0, enabling a Signature Wrapping attack that can lead to bypassing SAML authentication. A patch exists in versions 1.12.4 and...

9.8CVSS7AI score0.63792EPSS
CVE
CVE
added 2025/03/12 8:16 p.m.2014 views

CVE-2025-25291

ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between ReXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...

9.8CVSS7AI score0.19506EPSS
CVE
CVE
added 2024/09/10 6:50 p.m.366 views

CVE-2024-45409

CVE-2024-45409 affects the Ruby-SAML library used for SAML client functionality. Ubuntu/Debian advisories and IBM/GitHub entries confirm that versions <= 12.2 and 1.13.0

10CVSS9.3AI score0.10684EPSS
CVE
CVE
added 2019/04/17 2:0 p.m.96 views

CVE-2017-11430

The CVE-2017-11430 entry concerns OmniAuth OmnitAuth-SAML 1.9.0 and earlier. The root cause is incorrect handling of XML DOM traversal and canonicalization APIs, enabling an attacker to manipulate SAML data without invalidating the cryptographic signature and potentially bypass authentication to ...

9.8CVSS8.7AI score0.02415EPSS
CVE
CVE
added 2025/03/12 8:11 p.m.96 views

CVE-2025-25293

CVE-2025-25293 concerns the ruby-saml library used for SAML SSO in Ruby. The issue affects prior to versions 1.12.4 and 1.18.0, where remote attackers could trigger a Denial of Service by sending compressed SAML responses. The vulnerability stems from how ruby-saml decompresses SAML assertions wi...

8.7CVSS6.6AI score0.01359EPSS