CVE-2024-1735

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

Se ha identificado una vulnerabilidad en versiones de armeria-saml inferiores a 1.27.2, que permite el uso de mensajes SAML maliciosos para eludir la autenticación. Todos los usuarios que dependen de armeria-saml anterior a la versión 1.27.2 deben actualizar a la versión 1.27.2 o posterior.

*Credits: N/A

CVSS Scores

LINE Corporationv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-02-22 CVE Reserved
2024-02-26 CVE Published
2024-02-26 EPSS Updated
2024-08-26 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source
https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
LINE Corporation Search vendor "LINE Corporation"		Armeria Search vendor "LINE Corporation" for product "Armeria"				>= 0.69.0 < 1.27.2 Search vendor "LINE Corporation" for product "Armeria" and version " >= 0.69.0 < 1.27.2"		en		Affected