CVE-2022-41912

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html	Third Party Advisory VDB Entry
https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b	Patch Third Party Advisory
https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:saml_project:saml:*:*:*:*:*:go:*:*

History

No history.

Information

Published : 2022-11-28 15:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-41912

Mitre link : CVE-2022-41912

CVE.ORG link : CVE-2022-41912

JSON object : View

Products Affected

saml_project

saml

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-41912", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-11-28T15:15:10.460", "references": [{"url": "http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security-advisories@github.com"}, {"url": "https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version."}, {"lang": "es", "value": "La librer\u00eda Crewjam/saml go anterior a la versi\u00f3n 0.4.9 es vulnerable a una omisi\u00f3n de autenticaci\u00f3n al procesar respuestas SAML que contienen m\u00faltiples elementos de afirmaci\u00f3n. Este problema se ha corregido en la versi\u00f3n 0.4.9. No hay m\u00e1s workarounds que actualizar a una versi\u00f3n fija."}], "lastModified": "2023-02-01T15:48:30.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:saml_project:saml:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "8908B8DF-DF74-4205-A9D0-D9F28819636D", "versionEndExcluding": "0.4.9"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}