CVE-2023-45683 – Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml
https://notcve.org/view.php?id=CVE-2023-45683
github.com/crewjam/saml is a SAML library for the Go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject JavaScript into the ACS endpoint definition, achieving Cross-Site Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO flow. Consequently, an attacker may perform any authenticated action as the victim once the victim's browser has loaded the SAML IdP-initiated SSO link for the malicious Service Provider. Note: SP registration is commonly an unrestricted operation in IdPs, requiring no particular permissions or being publicly accessible, to ease IdP interoperability.
• https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79
• https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28119 – crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
https://notcve.org/view.php?id=CVE-2023-28119
The crewjam/saml Go library contains a partial implementation of the SAML standard in Go. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. A user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash, since the operating system kills the process. This issue is patched in version 0.4.13.
• https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021
• https://github.com/crewjam/saml/security/advisories/GHSA-5mqj-xc49-246p
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-41912 – crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements
https://notcve.org/view.php?id=CVE-2022-41912
The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.
• http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html
• https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b
• https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g
• https://access.redhat.com/security/cve/CVE-2022-41912
• https://bugzilla.redhat.com/show_bug.cgi?id=2149181
• CWE-165: Improper Neutralization of Multiple Internal Special Elements
• CWE-287: Improper Authentication
CVE-2022-44457
https://notcve.org/view.php?id=CVE-2022-44457
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect against packet capture replay, but only when the not recommended, non-default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non-default configuration.
• https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf
• CWE-294: Authentication Bypass by Capture-replay
CVE-2022-37011
https://notcve.org/view.php?id=CVE-2022-37011
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect against packet capture replay. This could allow unauthorized remote attackers to bypass authentication and gain access to the application. For compatibility reasons, fixed versions still contain this issue, but only when the not recommended, non-default configuration option `'Allow Idp Initiated Authentication'` is enabled.
• https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf
• CWE-294: Authentication Bypass by Capture-replay