CVE-2020-5407
Signature Wrapping Vulnerability with spring-security-saml2-service-provider
Public Exploits: 0
Exploited in Wild: -
Descriptions
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
SSVC
- Decision: -
Timeline
- 2020-01-03 CVE Reserved
- 2020-05-13 CVE Published
- 2024-09-06 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
References (7)
URL | Date | SRC
---|---|---
https://tanzu.vmware.com/security/cve-2020-5407 | 2023-11-07 | 
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Pivotal Software | Spring Security | >= 5.2.0 < 5.2.4 | - | Affected
Pivotal Software | Spring Security | >= 5.3.0 < 5.3.2 | - | Affected