Количество 3
Количество 3
CVE-2024-47832
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.
GHSA-j2hr-q93x-gxvh
SSOReady has an XML Signature Bypass via differential XML parsing
SUSE-SU-2024:3911-1
Security update for govulncheck-vulndb
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-47832 ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability. | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
| GHSA-j2hr-q93x-gxvh SSOReady has an XML Signature Bypass via differential XML parsing | CVSS3: 9.8 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2024:3911-1 Security update for govulncheck-vulndb | больше 1 года назад |
Уязвимостей на страницу