Описание
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- Third Party AdvisoryUS Government Resource
- ExploitTechnical DescriptionThird Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.0 (включая)
cpe:2.3:a:clever:saml2-js:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00272
Низкий
7.7 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 7.7
github
больше 6 лет назад
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
EPSS
Процентиль: 50%
0.00272
Низкий
7.7 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287
CWE-287