exploitDog

CVE-2024-1735

Опубликовано: 26 фев. 2024

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.

Ссылки

https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54
Vendor Advisory
https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*

Версия до 1.27.2 (исключая)

EPSS

Процентиль: 36%

0.00149

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-4m6j-23p2-8c54

CVSS3: 9.1

github

почти 2 года назад

Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

EPSS

Процентиль: 36%

0.00149

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-287