CVE-2022-39300
Signature bypass via multiple root elements in node-SAML
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround.
node SAML es una biblioteca SAML versión 2.0 basada en la implementación SAML de passport-saml. Un atacante remoto puede ser capaz de omitir la autenticación SAML en un sitio web usando passport-saml. Un ataque con éxito requiere que el atacante esté en posesión de un elemento XML firmado por un IDP arbitrario. Dependiendo del IDP usado, los ataques sin autenticación (por ejemplo, sin acceso a un usuario válido) también podrían ser factibles si puede desencadenarse la generación de un mensaje firmado. Los usuarios deben actualizar a versión 4.0.0-beta5 de node-saml o más reciente. Puede deshabilitarse la autenticación SAML como mitigación
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-02 CVE Reserved
- 2022-10-13 CVE Published
- 2024-05-05 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe | 2022-10-14 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Node Saml Project Search vendor "Node Saml Project" | Node Saml Search vendor "Node Saml Project" for product "Node Saml" | < 4.0.0 Search vendor "Node Saml Project" for product "Node Saml" and version " < 4.0.0" | node.js |
Affected
| ||||||
| Node Saml Project Search vendor "Node Saml Project" | Node Saml Search vendor "Node Saml Project" for product "Node Saml" | 4.0.0 Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0" | beta0, node.js |
Affected
| ||||||
| Node Saml Project Search vendor "Node Saml Project" | Node Saml Search vendor "Node Saml Project" for product "Node Saml" | 4.0.0 Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0" | beta1, node.js |
Affected
| ||||||
| Node Saml Project Search vendor "Node Saml Project" | Node Saml Search vendor "Node Saml Project" for product "Node Saml" | 4.0.0 Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0" | beta2, node.js |
Affected
| ||||||
| Node Saml Project Search vendor "Node Saml Project" | Node Saml Search vendor "Node Saml Project" for product "Node Saml" | 4.0.0 Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0" | beta3, node.js |
Affected
| ||||||
| Node Saml Project Search vendor "Node Saml Project" | Node Saml Search vendor "Node Saml Project" for product "Node Saml" | 4.0.0 Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0" | beta4, node.js |
Affected
| ||||||