CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45683 – Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml
https://notcve.org/view.php?id=CVE-2023-45683
github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim’s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. • https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79 https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41912 – crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements
https://notcve.org/view.php?id=CVE-2022-41912
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. La librería Crewjam/saml go anterior a la versión 0.4.9 es vulnerable a una omisión de autenticación al procesar respuestas SAML que contienen múltiples elementos de afirmación. Este problema se ha corregido en la versión 0.4.9. • http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g https://access.redhat.com/security/cve/CVE-2022-41912 https://bugzilla.redhat.com/show_bug.cgi?id=2149181 • CWE-165: Improper Neutralization of Multiple Internal Special Elements CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-44457
https://notcve.org/view.php?id=CVE-2022-44457
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration. Se ha identificado una vulnerabilidad en Mendix SAML (compatible con Mendix 7) (Todas las versiones < V1.17.0), Mendix SAML (compatible con Mendix 7) (Todas las versiones >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (Todas las versiones < V2.3.0), Mendix SAML (compatible con Mendix 8) (Todas las versiones > V2.3.0 < V2.3.2), Mendix SAML (compatible con Mendix 9, New Track) (Todas las versiones < V3.3.1), Mendix SAML (compatible con Mendix 9, New Track) (todas las versiones >= V3.3.1 < V3.3.5), Mendix SAML (compatible con Mendix 9, Upgrade Track) (todas las versiones < V3.3.0 ), Mendix SAML (compatible con Mendix 9, Upgrade Track) (Todas las versiones > V3.3.0 y < V3.3.4). Las versiones afectadas del módulo no protegen suficientemente contra la reproducción de captura de paquetes, solo cuando la opción de configuración no predeterminada y no recomendada ""Permitir Autenticación Iniciada por Idp"" está habilitada. Esta entrada de CVE describe la solución incompleta para CVE-2022-37011 en una configuración específica no predeterminada. • https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-37011
https://notcve.org/view.php?id=CVE-2022-37011
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. Se ha identificado una vulnerabilidad en el módulo SAML de Mendix (compatible con Mendix 7) (todas las versiones anteriores a V1.17.0), el módulo SAML de Mendix (compatible con Mendix 8) (todas las versiones anteriores a V2.3.0), el módulo SAML de Mendix (compatible con Mendix 9, New Track) (todas las versiones anteriores a V3.3.1), el módulo SAML de Mendix (compatible con Mendix 9, Upgrade Track) (todas las versiones anteriores a V3.3.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-32286
https://notcve.org/view.php?id=CVE-2022-32286
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. Se ha identificado una vulnerabilidad en el módulo SAML de Mendix (Mendix 7 compatible) (Todas las versiones anteriores a V1.16.6), el módulo SAML de Mendix (Mendix 8 compatible) (Todas las versiones anteriores a V2.2.2), el módulo SAML de Mendix (Mendix 9 compatible) (Todas las versiones anteriores a V3.2.3). En determinadas configuraciones el módulo SAML es vulnerable a ataques de tipo Cross Site Scripting (XSS) debido a un insuficiente saneo de los mensajes de error. • https://cert-portal.siemens.com/productcert/pdf/ssa-740594.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •