GHSA-77FW-RF4V-VFP9

Vulnerability from github – Published: 2023-06-21 22:00 – Updated: 2023-06-21 22:00
VLAI?
Summary
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
Details

Information

Please note that this is not a new disclosure, and is previously reported in our SECURITY-NOTICE.md which we removed in favor of github advisory.

Overview

This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider:

  • signs SAML response and signs assertion

  • does not sign SAML response and signs assertion

Am I affected?

You may be affected if you use SAML2 protocol with passport-wsfed-saml2 versions below 3.0.5 and your SAML identity Provider: 1. signs SAML response and signs assertion; or 2. does not sign SAML response and signs assertion

How do I fix it?

You may fix this vulnerability by upgrading your library to version 3.0.5 or above.

Will the fix impact my users?

This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.

Severity ?
8.1 (High)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "passport-wsfed-saml2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-21T22:00:18Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Information\nPlease note that this is not a new disclosure, and is previously reported in our [SECURITY-NOTICE.md](https://github.com/auth0/passport-wsfed-saml2/commit/520b9fc0bb4249ce83bec47e30153419f086ab70\n) which we removed in favor of github advisory. \n\n# Overview \n This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider:\n\n- signs SAML response and signs assertion\n\n- does not sign SAML response and signs assertion\n\n# Am I affected?\n\nYou may be affected if you use SAML2 protocol with passport-wsfed-saml2 versions below 3.0.5 and your SAML identity Provider: \n1. signs SAML response and signs assertion; or \n2. does not sign SAML response and signs assertion\n\n# How do I fix it?\n\nYou may fix this vulnerability by upgrading your library to version 3.0.5 or above. \n\n# Will the fix impact my users?\nThis fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.",
  "id": "GHSA-77fw-rf4v-vfp9",
  "modified": "2023-06-21T22:00:18Z",
  "published": "2023-06-21T22:00:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-77fw-rf4v-vfp9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16897"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/passport-wsfed-saml2/commit/520b9fc0bb4249ce83bec47e30153419f086ab70"
    },
    {
      "type": "WEB",
      "url": "https://auth0.com/docs/security/bulletins/cve-2017-16897"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/auth0/passport-wsfed-saml2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.