OmniAuth-saml is vulnerable to authentication bypass. The application uses a vulnerable version of ruby-saml
, meaning it does not properly parse comments in certain XML nodes, causing text after a comment being lost before signing the SAML Message. This allows a malicious user to modify a SAML message without invalidating the cryptographic signature and bypass authentication for the SAML provider.
CPE | Name | Operator | Version |
---|---|---|---|
omniauth-saml | le | 1.9.0 |