CVE-2011-1411 org.opensaml:opensaml

Package

Manager: maven
Name: org.opensaml:opensaml
Vulnerable Version: >=2.4.0 <2.4.3 || >=2.5.0 <2.5.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00047 (percentile: 0.13982)

Details

Improper Authentication in OpenSAML: Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Metadata

Created: 2022-05-17T05:02:41Z
Modified: 2022-07-13T17:17:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qwwj-qj3f-9hv7/GHSA-qwwj-qj3f-9hv7.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-qwwj-qj3f-9hv7
Finding: F039
Auto approve: 1