CVE-2022-41912

crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.

La librería Crewjam/saml go anterior a la versión 0.4.9 es vulnerable a una omisión de autenticación al procesar respuestas SAML que contienen múltiples elementos de afirmación. Este problema se ha corregido en la versión 0.4.9. No hay más workarounds que actualizar a una versión fija.

An authentication bypass flaw was discovered in the crewjam/saml go package. A remote unauthenticated attacker could trigger it by sending a SAML request. This would allow an escalation of privileges and then enable compromising system integrity.

The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-30 CVE Reserved
2022-11-28 CVE Published
2024-07-19 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-165: Improper Neutralization of Multiple Internal Special Elements
CWE-287: Improper Authentication

CAPEC

References (5)

URL	Tag	Source
http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html	Third Party Advisory
https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b	2023-02-01

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-41912	2023-06-15
https://bugzilla.redhat.com/show_bug.cgi?id=2149181	2023-06-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Saml Project Search vendor "Saml Project"		Saml Search vendor "Saml Project" for product "Saml"				< 0.4.9 Search vendor "Saml Project" for product "Saml" and version " < 0.4.9"		go		Affected