Fluid Attacks Database

Description

Signature wrapping vulnerability in Spring Security Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.springframework.security:spring-security-core	>=5.2.0 <5.2.4 \|\| >=5.3.0 <5.3.2	5.2.4, 5.3.2
maven	org.springframework.security:spring-security-saml2-service-provider	>=5.2.0 <5.2.4 \|\| >=5.3.0 <5.3.2	5.2.4.release, 5.3.2.release

Aliases

1. CVE-2020-54072. NVD-2020-54073. OSV-2020-54074. GCVE-2020-54075. TANZU-cve-2020-5407

References

1. https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E2. https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E3. https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E4. https://tanzu.vmware.com/security/cve-2020-54075. https://www.oracle.com/security-alerts/cpuApr2021.html6. https://www.oracle.com/security-alerts/cpujan2021.html7. https://www.oracle.com/security-alerts/cpuoct2020.html