CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45683 – Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml
https://notcve.org/view.php?id=CVE-2023-45683
16 Oct 2023 — github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim onc... • https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40178 – @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
https://notcve.org/view.php?id=CVE-2023-40178
23 Aug 2023 — Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5. • https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec • CWE-347: Improper Verification of Cryptographic Signature CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28119 – crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
https://notcve.org/view.php?id=CVE-2023-28119
22 Mar 2023 — The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issu... • https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26267
https://notcve.org/view.php?id=CVE-2023-26267
21 Feb 2023 — php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR. • https://git.sr.ht/~fkooman/php-saml-sp/commit/851f75b298a77e62d9022f1b170f662f5f7716d6 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41912 – crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements
https://notcve.org/view.php?id=CVE-2022-41912
28 Nov 2022 — The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. La librería Crewjam/saml go anterior a la versión 0.4.9 es vulnerable a una omisión de autenticación al procesar respuestas SAML que contienen múltiples elementos de afirmación. Este problema se ha corregido en la versión 0.4.9. • https://packetstorm.news/files/id/170356 • CWE-165: Improper Neutralization of Multiple Internal Special Elements CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-39300 – Signature bypass via multiple root elements in node-SAML
https://notcve.org/view.php?id=CVE-2022-39300
13 Oct 2022 — node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer... • https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.1EPSS: 8%CPEs: 5EXPL: 3CVE-2022-39299 – Signature bypass via multiple root elements in Passport-SAML
https://notcve.org/view.php?id=CVE-2022-39299
12 Oct 2022 — Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml versi... • https://packetstorm.news/files/id/169826 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39171 – Unlimited transforms allowed for signed nodes
https://notcve.org/view.php?id=CVE-2021-39171
27 Aug 2021 — Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2. • https://github.com/node-saml/passport-saml/pull/595 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 12%CPEs: 10EXPL: 1CVE-2020-27846 – crewjam/saml: authentication bypass in saml authentication
https://notcve.org/view.php?id=CVE-2020-27846
21 Dec 2020 — A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se presenta una vulnerabilidad de verificación de firmas en crewjam/saml. Este fallo permite a un atacante omitir la autenticación SAML. • https://bugzilla.redhat.com/show_bug.cgi?id=1907670 • CWE-115: Misinterpretation of Input •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11430 – Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
https://notcve.org/view.php?id=CVE-2017-11430
17 Apr 2019 — OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. OmniAuth OmnitAuth-SAML versión 1.9.0 y versiones anteriores pueden utilizar incorrectamente los resultados de las API de transversalización y canonicalización de DOM de XML de tal m... • https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations • CWE-287: Improper Authentication •