GHSA-xhqq-x44f-9fgg

Suggest an improvement
Source
https://github.com/advisories/GHSA-xhqq-x44f-9fgg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-xhqq-x44f-9fgg/GHSA-xhqq-x44f-9fgg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xhqq-x44f-9fgg
Aliases
Related
Published
2022-02-11T23:58:09Z
Modified
2023-12-06T01:00:31.623814Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Authentication Bypass in github.com/russellhaering/gosaml2
Details

Impact

Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.

Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.

Patches

Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.

Database specific
{
    "nvd_published_at": "2020-12-14T20:15:00Z",
    "cwe_ids": [
        "CWE-115"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T21:11:37Z"
}
References

Affected packages

Go / github.com/russellhaering/gosaml2

Package

Name
github.com/russellhaering/gosaml2
View open source insights on deps.dev
Purl
pkg:golang/github.com/russellhaering/gosaml2

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.0