ghsa-4m6j-23p2-8c54
Vulnerability from github
Published
2024-02-26 20:04
Modified
2024-02-26 20:04
Severity ?
Summary
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Details
Impact
The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.
Patches
The vulnerability has been patched in Armeria version 1.27.2. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
Workarounds
There is no known workaround for this vulnerability.
References
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.27.1"
},
"package": {
"ecosystem": "Maven",
"name": "com.linecorp.armeria:armeria-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.27.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-1735"
],
"database_specific": {
"cwe_ids": [
"CWE-304"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-26T20:04:37Z",
"nvd_published_at": "2024-02-26T16:27:53Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nThe SAML implementation provided by `armeria-saml` currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.\n\n### Patches\n\nThe vulnerability has been patched in Armeria version 1.27.2. All users who rely on `armeria-saml` older than version 1.27.2 must upgrade to 1.27.2 or later.\n\n### Workarounds\n\nThere is no known workaround for this vulnerability.\n\n### References\n\n[`SamlMessageUtil.validateSignature()`](https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163)",
"id": "GHSA-4m6j-23p2-8c54",
"modified": "2024-02-26T20:04:37Z",
"published": "2024-02-26T20:04:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1735"
},
{
"type": "WEB",
"url": "https://github.com/line/armeria/commit/b2aa9f49b46a7b0e03d8b8d753809cd1e8e2016c"
},
{
"type": "PACKAGE",
"url": "https://github.com/line/armeria"
},
{
"type": "WEB",
"url": "https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163"
},
{
"type": "WEB",
"url": "https://github.com/line/armeria/releases/tag/armeria-1.27.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Armeria SAML authentication bypass due to missing validation on unsigned SAML messages"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.