Описание
Authentication Bypass in github.com/russellhaering/gosaml2
Impact
Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.
Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.
Patches
Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.
Ссылки
- https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
- https://nvd.nist.gov/vuln/detail/CVE-2020-29509
- https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9
- https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md
- https://pkg.go.dev/vuln/GO-2021-0060
- https://security.netapp.com/advisory/ntap-20210129-0006
Пакеты
github.com/russellhaering/gosaml2
< 0.6.0
0.6.0
Связанные уязвимости
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
The encoding/xml package in Go (all versions) does not correctly prese ...