GHSA-5wrg-8fxp-cx9r – passport-wsfed-saml2

Package

Manager: npm
Name: passport-wsfed-saml2
Vulnerable Version: >=0 <3.0.10

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

passport-wsfed-saml2 Signature Bypass vulnerability ## Information Please note that this is not a new disclosure, and is previously reported in our [SECURITY-NOTICE.md](https://github.com/auth0/passport-wsfed-saml2/commit/520b9fc0bb4249ce83bec47e30153419f086ab70 ) which we removed in favor of github advisory. # Overview A vulnerability was found in the validation of a SAML signature. The validation doesn't ensure that the "Signature" tag is at the proper location inside an "Assertion" tag. This leads to a signature relocation attack where the attacker can corrupt one field of data while maintaining the signature valid. This could allow an authenticated attacker to "remove" one group from the assertion or corrupt another field of an assertion. # Am I affected? You are affected if you are using the passport-wsfed-saml2 library to version < 3.0.10 # How do I fix it? You may fix this issue by upgrading passport-wsfed-saml2 library to version 3.0.10 or above. # Will the fix impact my users? This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.

Metadata

Created: 2023-06-21T22:06:22Z
Modified: 2023-06-21T22:06:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-5wrg-8fxp-cx9r/GHSA-5wrg-8fxp-cx9r.json
CWE IDs: []
Alternative ID: N/A
Finding: F204
Auto approve: 1