GHSA-j4qf-3w33-8cgc

Suggest an improvement
Source
https://github.com/advisories/GHSA-j4qf-3w33-8cgc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j4qf-3w33-8cgc/GHSA-j4qf-3w33-8cgc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j4qf-3w33-8cgc
Aliases
Published
2022-05-14T01:04:08Z
Modified
2024-04-25T21:26:45.023518Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
SimpleSAMLphp Signature validation bypass
Details

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.

Database specific
{
    "nvd_published_at": "2018-02-02T15:29:00Z",
    "cwe_ids": [
        "CWE-347"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T21:00:27Z"
}
References

Affected packages

Packagist / simplesamlphp/simplesamlphp

Package

Name
simplesamlphp/simplesamlphp
Purl
pkg:composer/simplesamlphp/simplesamlphp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.17

Affected versions

v1.*

v1.12.0
v1.13.0-rc1
v1.13.0-rc2
v1.13.0
v1.13.1
v1.13.2
v1.14.0-rc1
v1.14.0
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.14.10
v1.14.11
v1.14.12
v1.14.13
v1.14.14
v1.14.15
v1.14.16