CVSS3: 7.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS: 0.0005 Low (Percentile: 17.0%)

github.com/crewjam/saml is a SAML library for the Go language. In affected
versions the package does not validate the ACS Location URI according to
the SAML binding being parsed. If abused, this flaw allows attackers to
register malicious Service Providers at the IdP and inject JavaScript in
the ACS endpoint definition, achieving Cross-Site Scripting (XSS) in the
IdP context during the redirection at the end of a SAML SSO flow.
Consequently, an attacker may perform any authenticated action as the
victim once the victim's browser has loaded the SAML IdP-initiated SSO link
for the malicious service provider. Note: SP registration is commonly an
unrestricted operation in IdPs, so it either requires no particular
permissions or is publicly accessible to ease IdP interoperability. This
issue is fixed in version 0.4.14. Users unable to upgrade may perform
external validation of URLs provided in SAML metadata, or restrict the
ability for end-users to upload arbitrary metadata.
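
One way to do the external validation mentioned above before SP metadata reaches the IdP, shown as an added example (not code from crewjam/saml and not its 0.4.14 fix). It assumes a single `EntityDescriptor` per upload and that every ACS endpoint must be an absolute http(s) URL; `ValidateACSLocations` and the sample metadata are hypothetical.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/url"
)

// Minimal view of SP metadata: only the ACS endpoints are decoded.
type acsEndpoint struct {
	Binding  string `xml:"Binding,attr"`
	Location string `xml:"Location,attr"`
}

type spMetadata struct {
	ACS []acsEndpoint `xml:"SPSSODescriptor>AssertionConsumerService"`
}

// ValidateACSLocations (hypothetical helper) accepts metadata only if every
// ACS Location is an absolute http(s) URL with a host.
func ValidateACSLocations(metadata []byte) error {
	var md spMetadata
	if err := xml.Unmarshal(metadata, &md); err != nil {
		return fmt.Errorf("parse metadata: %w", err)
	}
	if len(md.ACS) == 0 {
		return fmt.Errorf("no AssertionConsumerService endpoint found")
	}
	for _, ep := range md.ACS {
		u, err := url.Parse(ep.Location) // Parse lowercases the scheme
		if err != nil {
			return fmt.Errorf("ACS Location %q: %w", ep.Location, err)
		}
		if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
			return fmt.Errorf("ACS Location %q (%s): not an absolute http(s) URL", ep.Location, ep.Binding)
		}
	}
	return nil
}

// Constructed sample metadata; the entity ID and host are placeholders.
const mdHead = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test"><md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="`
const mdTail = `"/></md:SPSSODescriptor></md:EntityDescriptor>`

func main() {
	for _, loc := range []string{"https://sp.example.test/saml/acs", "javascript:void(0)"} {
		fmt.Printf("%-35s -> %v\n", loc, ValidateACSLocations([]byte(mdHead+loc+mdTail)))
	}
}
```

Run the check at the point where metadata is uploaded or registered, and reject the whole document if any endpoint fails.
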
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | golang-github-crewjam-saml | < any | UNKNOWN |
ubuntu | 23.10 | noarch | golang-github-crewjam-saml | < any | UNKNOWN |
ubuntu | 24.04 | noarch | golang-github-crewjam-saml | < any | UNKNOWN |