CVE-2023-49087 (GCVE-0-2023-49087)
Vulnerability from cvelistv5 – Published: 2023-11-30 05:20 – Updated: 2024-08-02 21:46
VLAI?
Summary
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.
Severity ?
6.8 (Medium)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| simplesamlphp | xml-security |
Affected:
= 1.6.11
Affected: = 5.0.0-alpha.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
},
{
"name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xml-security",
"vendor": "simplesamlphp",
"versions": [
{
"status": "affected",
"version": "= 1.6.11"
},
{
"status": "affected",
"version": "= 5.0.0-alpha.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T05:20:28.298Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
},
{
"name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
}
],
"source": {
"advisory": "GHSA-ww7x-3gxh-qm6r",
"discovery": "UNKNOWN"
},
"title": "Validation of SignedInfo"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49087",
"datePublished": "2023-11-30T05:20:28.298Z",
"dateReserved": "2023-11-21T18:57:30.429Z",
"dateUpdated": "2024-08-02T21:46:29.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:simplesamlphp:saml2:5.0.0:alpha12:*:*:*:*:*:*\", \"matchCriteriaId\": \"96D08664-7238-4C52-B40E-F32E304DE2D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:simplesamlphp:xml-security:1.6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F1375D1-EBBE-4AD5-8271-457C64C948BD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.\"}, {\"lang\": \"es\", \"value\": \"xml-security es una librer\\u00eda que implementa cifrado y firmas XML. La validaci\\u00f3n de una firma XML requiere verificar que el valor hash del documento XML relacionado coincida con un valor DigestValue espec\\u00edfico, pero tambi\\u00e9n que la firma criptogr\\u00e1fica en el \\u00e1rbol SignedInfo (el que contiene el DigestValue) verifique y coincida con una clave p\\u00fablica confiable. Si un atacante de alguna manera (es decir, explotando un error en la funci\\u00f3n de canonicalizaci\\u00f3n de PHP) logra manipular el DigestValue de la versi\\u00f3n canonicalizada, ser\\u00eda posible falsificar la firma. Este problema se solucion\\u00f3 en las versiones 1.6.12 y 5.0.0-alpha.13.\"}]",
"id": "CVE-2023-49087",
"lastModified": "2024-11-21T08:32:47.700",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-11-30T06:15:47.173",
"references": "[{\"url\": \"https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-49087\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-11-30T06:15:47.173\",\"lastModified\":\"2024-11-21T08:32:47.700\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.\"},{\"lang\":\"es\",\"value\":\"xml-security es una librer\u00eda que implementa cifrado y firmas XML. La validaci\u00f3n de una firma XML requiere verificar que el valor hash del documento XML relacionado coincida con un valor DigestValue espec\u00edfico, pero tambi\u00e9n que la firma criptogr\u00e1fica en el \u00e1rbol SignedInfo (el que contiene el DigestValue) verifique y coincida con una clave p\u00fablica confiable. Si un atacante de alguna manera (es decir, explotando un error en la funci\u00f3n de canonicalizaci\u00f3n de PHP) logra manipular el DigestValue de la versi\u00f3n canonicalizada, ser\u00eda posible falsificar la firma. Este problema se solucion\u00f3 en las versiones 1.6.12 y 5.0.0-alpha.13.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:simplesamlphp:saml2:5.0.0:alpha12:*:*:*:*:*:*\",\"matchCriteriaId\":\"96D08664-7238-4C52-B40E-F32E304DE2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:simplesamlphp:xml-security:1.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F1375D1-EBBE-4AD5-8271-457C64C948BD\"}]}]}],\"references\":[{\"url\":\"https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
}
}
GSD-2023-49087
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-49087",
"id": "GSD-2023-49087"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-49087"
],
"details": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.",
"id": "GSD-2023-49087",
"modified": "2023-12-13T01:20:35.058016Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-49087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xml-security",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "= 1.6.11"
},
{
"version_affected": "=",
"version_value": "= 5.0.0-alpha.12"
}
]
}
}
]
},
"vendor_name": "simplesamlphp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-345",
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
"refsource": "MISC",
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
},
{
"name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
"refsource": "MISC",
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
}
]
},
"source": {
"advisory": "GHSA-ww7x-3gxh-qm6r",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:simplesamlphp:saml2:5.0.0:alpha12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:simplesamlphp:xml-security:1.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-49087"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
"refsource": "",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
},
{
"name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
"refsource": "",
"tags": [
"Patch"
],
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-12-06T17:49Z",
"publishedDate": "2023-11-30T06:15Z"
}
}
}
FKIE_CVE-2023-49087
Vulnerability from fkie_nvd - Published: 2023-11-30 06:15 - Updated: 2024-11-21 08:32
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| simplesamlphp | saml2 | 5.0.0 | |
| simplesamlphp | xml-security | 1.6.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simplesamlphp:saml2:5.0.0:alpha12:*:*:*:*:*:*",
"matchCriteriaId": "96D08664-7238-4C52-B40E-F32E304DE2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:simplesamlphp:xml-security:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1375D1-EBBE-4AD5-8271-457C64C948BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
},
{
"lang": "es",
"value": "xml-security es una librer\u00eda que implementa cifrado y firmas XML. La validaci\u00f3n de una firma XML requiere verificar que el valor hash del documento XML relacionado coincida con un valor DigestValue espec\u00edfico, pero tambi\u00e9n que la firma criptogr\u00e1fica en el \u00e1rbol SignedInfo (el que contiene el DigestValue) verifique y coincida con una clave p\u00fablica confiable. Si un atacante de alguna manera (es decir, explotando un error en la funci\u00f3n de canonicalizaci\u00f3n de PHP) logra manipular el DigestValue de la versi\u00f3n canonicalizada, ser\u00eda posible falsificar la firma. Este problema se solucion\u00f3 en las versiones 1.6.12 y 5.0.0-alpha.13."
}
],
"id": "CVE-2023-49087",
"lastModified": "2024-11-21T08:32:47.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-30T06:15:47.173",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-WW7X-3GXH-QM6R
Vulnerability from github – Published: 2023-11-28 18:52 – Updated: 2023-12-06 21:08
VLAI?
Summary
Validation of SignedInfo
Details
Validation of an XML Signature requires verification that the hash value of the related XML-document (after any optional transformations and/or normalizations) matches a specific DigestValue-value, but also that the cryptografic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key.
Within the simpleSAMLphp/xml-security library (https://github.com/simplesamlphp/xml-security), the hash is being validated using SignedElementTrait::validateReference, and the signature is being verified in SignedElementTrait::verifyInternal
https://github.com/simplesamlphp/xml-security/blob/master/src/XML/SignedElementTrait.php:
What stands out is that the signature is being calculated over the canonical version of the SignedInfo-tree. The validateReference method, however, uses the original non-canonicalized version of SignedInfo.
Impact
If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be potentially be possible to forge the signature. No possibilities to exploit this were found during the investigation.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "simplesamlphp/xml-security"
},
"ranges": [
{
"events": [
{
"introduced": "1.6.11"
},
{
"fixed": "1.6.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.11"
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "simplesamlphp/saml2"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0-alpha.12"
},
{
"fixed": "5.0.0-alpha.13"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.0-alpha.12"
]
}
],
"aliases": [
"CVE-2023-49087"
],
"database_specific": {
"cwe_ids": [
"CWE-345"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-28T18:52:19Z",
"nvd_published_at": "2023-11-30T06:15:47Z",
"severity": "HIGH"
},
"details": "Validation of an XML Signature requires verification that the hash value of the related XML-document (after any optional transformations and/or normalizations) matches a specific DigestValue-value, but also that the cryptografic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key.\n\nWithin the simpleSAMLphp/xml-security library (https://github.com/simplesamlphp/xml-security), the hash is being validated using SignedElementTrait::validateReference, and the signature is being verified in SignedElementTrait::verifyInternal\n\nhttps://github.com/simplesamlphp/xml-security/blob/master/src/XML/SignedElementTrait.php:\n\n\n\nWhat stands out is that the signature is being calculated over the canonical version of the SignedInfo-tree. The validateReference method, however, uses the original non-canonicalized version of SignedInfo.\n\n### Impact\nIf an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be potentially be possible to forge the signature. No possibilities to exploit this were found during the investigation.",
"id": "GHSA-ww7x-3gxh-qm6r",
"modified": "2023-12-06T21:08:04Z",
"published": "2023-11-28T18:52:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49087"
},
{
"type": "WEB",
"url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
},
{
"type": "PACKAGE",
"url": "https://github.com/simplesamlphp/xml-security"
},
{
"type": "WEB",
"url": "https://github.com/simplesamlphp/xml-security/blob/master/src/XML/SignedElementTrait.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Validation of SignedInfo"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…