Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2020-5390
HistoryJan 13, 2020 - 12:00 a.m.

CVE-2020-5390

2020-01-1300:00:00
ubuntu.com
ubuntu.com
6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON

PySAML2 before 5.0.0 does not check that the signature in a SAML document
is enveloped and thus signature wrapping is effective, i.e., it is affected
by XML Signature Wrapping (XSW). The signature information and the
node/object that is signed can be in different places and thus the
signature verification will succeed, but the wrong data will be used. This
specifically affects the verification of assertion that have been signed.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpython-pysaml2< 4.0.2-0ubuntu3.1UNKNOWN
ubuntu19.04noarchpython-pysaml2< 4.5.0+dfsg1-0ubuntu2.19.04.1UNKNOWN
ubuntu19.10noarchpython-pysaml2< 4.5.0+dfsg1-0ubuntu2.19.10.1UNKNOWN
ubuntu16.04noarchpython-pysaml2< 3.0.0-3ubuntu1.16.04.4UNKNOWN

Related

ubuntu 1
openvas 3
prion 1
osv 5
debian 2
cve 1
debiancve 1
veracode 1
nessus 3
redhatcve 1
github 1
ubuntu
ubuntu
PySAML2 vulnerability
2020-01-21 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2119-1)
2020-02-27 00:00:00
Ubuntu: Security Advisory (USN-4245-1)
2020-01-22 00:00:00
Debian: Security Advisory (DSA-4630-1)
2020-02-23 00:00:00
prion
prion
Information disclosure
2020-01-13 19:15:00
osv
osv
PYSEC-2020-94
2020-01-13 19:15:00
Improper Verification of Cryptographic Signature in PySAML2
2020-05-06 19:41:29
python-pysaml2 - security update
2020-02-21 00:00:00
debian
debian
[SECURITY] [DLA 2119-1] python-pysaml2 security update
2020-02-26 11:17:15
[SECURITY] [DSA 4630-1] python-pysaml2 security update
2020-02-21 20:21:24
cve
cve
CVE-2020-5390
2020-01-13 19:15:00
debiancve
debiancve
CVE-2020-5390
2020-01-13 19:15:00
veracode
veracode
XML Signature Wrapping
2020-01-14 00:57:43
nessus
nessus
Debian DLA-2119-1 : python-pysaml2 security update
2020-02-27 00:00:00
Debian DSA-4630-1 : python-pysaml2 - security update
2020-02-24 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : PySAML2 vulnerability (USN-4245-1)
2020-01-22 00:00:00
redhatcve
redhatcve
CVE-2020-5390
2020-01-24 14:09:10
github
github
Improper Verification of Cryptographic Signature in PySAML2
2020-05-06 19:41:29

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON
Related for UB:CVE-2020-5390
ubuntu1openvas3prion1osv5debian2cve1debiancve1veracode1nessus3redhatcve1github1