Veracode Vulnerability Database: VERACODE:45731
History: Mar 03, 2024 - 7:04 p.m.

Missing Critical Step In Authentication

2024-03-03 19:04:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: authentication, vulnerability, saml, forge, unsigned, exploit

9.1 High (CVSS3)

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.2 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

Central Dogma is vulnerable to Missing Critical Step in Authentication. When SAML is used as the authentication mechanism, the vulnerability is due to accepting unsigned SAML messages (assertions, logout requests, etc.) as they are instead of rejecting them. An attacker can forge a SAML message to authenticate themselves by exploiting this vulnerability.
