Description
Authentication Bypass in tyk-identity-broker
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 is vulnerable to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-23365
- https://github.com/TykTechnologies/tyk-identity-broker/pull/147
- https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0
- https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0
- https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720
Packages
Name: github.com/tyktechnologies/tyk-identity-broker (go)
Affected versions: < 1.1.1
Fixed version: 1.1.1
Related vulnerabilities
CVSS3: 4.8
nvd
almost 5 years ago