GHSA-5684-g483-2249 github.com/russellhaering/gosaml2

Package

Manager: go
Name: github.com/russellhaering/gosaml2
Vulnerable Version: >=0 <0.5.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

Signature Validation Bypass

Impact

Given a valid SAML Response, an attacker can potentially modify the document, bypassing signature validation in order to pass off the altered document as a signed one. This enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the identity provider, or full authentication bypass if an external attacker can obtain an expired, signed SAML Response.

Patches

A patch is available; users of gosaml2 should upgrade to v0.5.0 or higher.

References

See the [underlying advisory on goxmldsig](https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7) for more details.

Metadata

Created: 2021-05-24T16:59:47Z
Modified: 2021-10-05T17:07:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-5684-g483-2249/GHSA-5684-g483-2249.json
CWE IDs: ["CWE-347"]
Alternative ID: N/A
Finding: F204
Auto approve: 1