GHSA-77fw-rf4v-vfp9

Suggest an improvement
Source
https://github.com/advisories/GHSA-77fw-rf4v-vfp9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-77fw-rf4v-vfp9/GHSA-77fw-rf4v-vfp9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-77fw-rf4v-vfp9
Aliases
Published
2023-06-21T22:00:18Z
Modified
2023-11-08T03:59:13.976998Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
Details

Information

Please note that this is not a new disclosure, and is previously reported in our SECURITY-NOTICE.md which we removed in favor of github advisory.

Overview

This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider:

  • signs SAML response and signs assertion

  • does not sign SAML response and signs assertion

Am I affected?

You may be affected if you use SAML2 protocol with passport-wsfed-saml2 versions below 3.0.5 and your SAML identity Provider: 1. signs SAML response and signs assertion; or 2. does not sign SAML response and signs assertion

How do I fix it?

You may fix this vulnerability by upgrading your library to version 3.0.5 or above.

Will the fix impact my users?

This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-290"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-21T22:00:18Z"
}
References

Affected packages

npm / passport-wsfed-saml2

Package

Name
passport-wsfed-saml2
View open source insights on deps.dev
Purl
pkg:npm/passport-wsfed-saml2

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.5