ghsa-j2jp-wvqg-wc2g
Vulnerability from github
Published
2022-11-29 23:55
Modified
2022-12-01 22:13
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Details

Impact

The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements.

Patches

This issue has been corrected in version 0.4.9.

Credit

This issue was reported by Felix Wilhelm from Google Project Zero.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/crewjam/saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-29T23:55:54Z",
    "nvd_published_at": "2022-11-28T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements.\n\n### Patches\n\nThis issue has been corrected in version 0.4.9.\n\n### Credit\n\nThis issue was reported by Felix Wilhelm from Google Project Zero.\n",
  "id": "GHSA-j2jp-wvqg-wc2g",
  "modified": "2022-12-01T22:13:04Z",
  "published": "2022-11-29T23:55:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g"
    },
    {
      "type": "WEB",
      "url": "https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41912"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/crewjam/saml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/crewjam/saml/releases/tag/v0.4.9"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-1129"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.