CVE-2017-16897 – passport-wsfed-saml2

Package

Manager: npm
Name: passport-wsfed-saml2
Vulnerable Version: >=0 <3.0.5

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00422 pctl0.61268

Details

passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token ## Information Please note that this is not a new disclosure, and is previously reported in our [SECURITY-NOTICE.md](https://github.com/auth0/passport-wsfed-saml2/commit/520b9fc0bb4249ce83bec47e30153419f086ab70 ) which we removed in favor of github advisory. # Overview This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider: - signs SAML response and signs assertion - does not sign SAML response and signs assertion # Am I affected? You may be affected if you use SAML2 protocol with passport-wsfed-saml2 versions below 3.0.5 and your SAML identity Provider: 1. signs SAML response and signs assertion; or 2. does not sign SAML response and signs assertion # How do I fix it? You may fix this vulnerability by upgrading your library to version 3.0.5 or above. # Will the fix impact my users? This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.

Metadata

Created: 2023-06-21T22:00:18Z
Modified: 2023-06-21T22:00:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-77fw-rf4v-vfp9/GHSA-77fw-rf4v-vfp9.json
CWE IDs: ["CWE-290"]
Alternative ID: GHSA-77fw-rf4v-vfp9
Finding: F032
Auto approve: 1