CVE-2018-5387

Опубликовано: 24 июл. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Ссылки

https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
Exploit
Third Party Advisory
https://github.com/GoGentoOSS/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3
Patch
Third Party Advisory
https://github.com/GoGentoOSS/SAMLBase/issues/3
Issue Tracking
Patch
Third Party Advisory
https://www.kb.cert.org/vuls/id/475445
Third Party Advisory
US Government Resource
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
Exploit
Third Party Advisory
https://github.com/GoGentoOSS/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3
Patch
Third Party Advisory
https://github.com/GoGentoOSS/SAMLBase/issues/3
Issue Tracking
Patch
Third Party Advisory
https://www.kb.cert.org/vuls/id/475445
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wizkunde:samlbase:*:*:*:*:*:*:*:*

Версия до 1.4.2 (исключая)

EPSS

Процентиль: 45%

0.00227

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

CWE-347

Связанные уязвимости

GHSA-7gh2-8q93-87hp