CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45683 – Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml
https://notcve.org/view.php?id=CVE-2023-45683
github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim’s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. • https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79 https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29129
https://notcve.org/view.php?id=CVE-2023-29129
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration. • https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf • CWE-287: Improper Authentication CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28119 – crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
https://notcve.org/view.php?id=CVE-2023-28119
The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13. • https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 https://github.com/crewjam/saml/security/advisories/GHSA-5mqj-xc49-246p • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25957
https://notcve.org/view.php?id=CVE-2023-25957
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the recommended, default configuration option `'Use Encryption'` is disabled. • https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf • CWE-287: Improper Authentication CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41912 – crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements
https://notcve.org/view.php?id=CVE-2022-41912
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. La librería Crewjam/saml go anterior a la versión 0.4.9 es vulnerable a una omisión de autenticación al procesar respuestas SAML que contienen múltiples elementos de afirmación. Este problema se ha corregido en la versión 0.4.9. • http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g https://access.redhat.com/security/cve/CVE-2022-41912 https://bugzilla.redhat.com/show_bug.cgi?id=2149181 • CWE-165: Improper Neutralization of Multiple Internal Special Elements CWE-287: Improper Authentication •