// For flags

CVE-2022-39300

Signature bypass via multiple root elements in node-SAML

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround.

node SAML es una biblioteca SAML versión 2.0 basada en la implementación SAML de passport-saml. Un atacante remoto puede ser capaz de omitir la autenticación SAML en un sitio web usando passport-saml. Un ataque con éxito requiere que el atacante esté en posesión de un elemento XML firmado por un IDP arbitrario. Dependiendo del IDP usado, los ataques sin autenticación (por ejemplo, sin acceso a un usuario válido) también podrían ser factibles si puede desencadenarse la generación de un mensaje firmado. Los usuarios deben actualizar a versión 4.0.0-beta5 de node-saml o más reciente. Puede deshabilitarse la autenticación SAML como mitigación

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-02 CVE Reserved
  • 2022-10-13 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Node Saml Project
Search vendor "Node Saml Project"
 Node Saml
Search vendor "Node Saml Project" for product "Node Saml"
 < 4.0.0
Search vendor "Node Saml Project" for product "Node Saml" and version " < 4.0.0"
node.js
Affected
Node Saml Project
Search vendor "Node Saml Project"
 Node Saml
Search vendor "Node Saml Project" for product "Node Saml"
 4.0.0
Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0"
beta0, node.js
Affected
Node Saml Project
Search vendor "Node Saml Project"
 Node Saml
Search vendor "Node Saml Project" for product "Node Saml"
 4.0.0
Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0"
beta1, node.js
Affected
Node Saml Project
Search vendor "Node Saml Project"
 Node Saml
Search vendor "Node Saml Project" for product "Node Saml"
 4.0.0
Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0"
beta2, node.js
Affected
Node Saml Project
Search vendor "Node Saml Project"
 Node Saml
Search vendor "Node Saml Project" for product "Node Saml"
 4.0.0
Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0"
beta3, node.js
Affected
Node Saml Project
Search vendor "Node Saml Project"
 Node Saml
Search vendor "Node Saml Project" for product "Node Saml"
 4.0.0
Search vendor "Node Saml Project" for product "Node Saml" and version "4.0.0"
beta4, node.js
Affected