Vulnerabilities related to onelogin - ruby-saml
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:54
Summary
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.
References
Impacted products
Vendor Product Version
onelogin ruby-saml *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C070E06-D129-452F-BC27-A509ED09B93B",
                     versionEndIncluding: "1.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Ruby-saml en versiones anteriores a 1.3.0 permite a atacantes realizar ataques de envoltura de firmas XML a través de vectores no especificados.",
      },
   ],
   id: "CVE-2016-5697",
   lastModified: "2024-11-21T02:54:50.647",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-23T21:59:01.707",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/24/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2016/06/24/3",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-91",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-09-10 19:15
Modified
2024-11-21 09:37
Summary
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF41BEEE-FC5B-4728-B9BE-0B58C04F547E",
                     versionEndExcluding: "1.12.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADBA67BE-BC31-48C0-A36F-9431814178C0",
                     versionEndExcluding: "1.17.0",
                     versionStartIncluding: "1.13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "6D978907-97A8-4EF4-BF81-FE8702C24745",
                     versionEndIncluding: "1.10.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:omniauth:omniauth_saml:2.0.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "527AEDE3-F8EB-4C38-AF51-3B679AC4E336",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:omniauth:omniauth_saml:2.1.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "3F307538-4D4D-4DD1-A9A0-F4D06E20163E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7000556E-4EBB-4B99-84B1-A2EEA709311C",
                     versionEndExcluding: "16.11.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B47FDB0-B642-4E50-B0B6-1D71545FE917",
                     versionEndExcluding: "17.0.8",
                     versionStartIncluding: "17.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "86B327A7-22C7-488F-ABA6-3AC90EF07D04",
                     versionEndExcluding: "17.1.8",
                     versionStartIncluding: "17.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E831CA83-DDA9-4F47-BCF8-2CBB7E74C9DC",
                     versionEndExcluding: "17.2.7",
                     versionStartIncluding: "17.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "60003658-012F-4DB8-9D8F-8E48C14CA0C4",
                     versionEndExcluding: "17.3.3",
                     versionStartIncluding: "17.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.",
      },
      {
         lang: "es",
         value: "La librería Ruby SAML sirve para implementar el lado del cliente de una autorización SAML. Ruby-SAML en <= 12.2 y 1.13.0 <= 1.16.0 no verifica correctamente la firma de la respuesta SAML. Un atacante no autenticado con acceso a cualquier documento SAML firmado (por el IdP) puede falsificar una respuesta/afirmación SAML con contenido arbitrario. Esto le permitiría al atacante iniciar sesión como un usuario arbitrario dentro del sistema vulnerable. Esta vulnerabilidad se solucionó en 1.17.0 y 1.12.3.",
      },
   ],
   id: "CVE-2024-45409",
   lastModified: "2024-11-21T09:37:44.377",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.8,
            source: "security-advisories@github.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-09-10T19:15:22.030",
   references: [
      {
         source: "security-advisories@github.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae",
      },
      {
         source: "security-advisories@github.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7",
      },
      {
         source: "security-advisories@github.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2",
      },
      {
         source: "security-advisories@github.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://news.ycombinator.com/item?id=41586031",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240926-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/",
      },
   ],
   sourceIdentifier: "security-advisories@github.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "security-advisories@github.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-27 19:15
Modified
2025-01-14 19:15
Summary
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Impacted products
Vendor Product Version
onelogin ruby-saml *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A9CA94C-AADE-4415-8F5C-CD19F0CDDF7D",
                     versionEndExcluding: "1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.",
      },
   ],
   id: "CVE-2015-20108",
   lastModified: "2025-01-14T19:15:26.993",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-05-27T19:15:09.043",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/pull/225",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.netapp.com/advisory/ntap-20230703-0003/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/SAML-Toolkits/ruby-saml/pull/225",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20230703-0003/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-04-17 14:29
Modified
2024-11-21 03:07
Summary
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Impacted products
Vendor Product Version
onelogin ruby-saml *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A91764B6-BE43-4720-B876-620FE48D3C71",
                     versionEndIncluding: "1.6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
      },
      {
         lang: "es",
         value: "OneLogin Ruby-SAML versión 1.6.0 y versiones anteriores pueden utilizar incorrectamente los resultados de las API de migración y canonicalización de DOM de XML de tal manera que un atacante pueda manipular los datos SAML sin invalidar la firma criptográfica, lo que permite que el ataque omita la autorización de los proveedores de servicio SAML.",
      },
   ],
   id: "CVE-2017-11428",
   lastModified: "2024-11-21T03:07:46.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.7,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 4,
            source: "security@duo.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-04-17T14:29:00.323",
   references: [
      {
         source: "security@duo.com",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
      },
      {
         source: "security@duo.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.kb.cert.org/vuls/id/475445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.kb.cert.org/vuls/id/475445",
      },
   ],
   sourceIdentifier: "security@duo.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "security@duo.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2016-5697
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 01:07
Summary
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.
References
http://www.openwall.com/lists/oss-security/2016/06/24/3 (mailing-list, x_refsource_MLIST)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:07:59.941Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/24/3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-01-23T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/24/3",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-5697",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/06/24/3",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-5697",
      datePublished: "2017-01-23T21:00:00",
      dateReserved: "2016-06-16T00:00:00",
      dateUpdated: "2024-08-06T01:07:59.941Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-11428
Vulnerability from cvelistv5
Published
2019-04-17 13:59
Modified
2024-08-05 18:12
Summary
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Impacted products
Vendor Product Version
OneLogin Ruby-SAML Version: unspecified   < 1.6.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:12:39.617Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.kb.cert.org/vuls/id/475445",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Ruby-SAML",
               vendor: "OneLogin",
               versions: [
                  {
                     lessThan: "1.6.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Kelby Ludwig of Duo Security",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287: Improper Authentication",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-04-17T13:59:53",
            orgId: "7cd4c57f-0a88-4dda-be53-70336b413766",
            shortName: "duo",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.kb.cert.org/vuls/id/475445",
            },
         ],
         source: {
            discovery: "INTERNAL",
         },
         title: " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@duo.com",
               ID: "CVE-2017-11428",
               STATE: "PUBLIC",
               TITLE: " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Ruby-SAML",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "1.6.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "OneLogin",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Kelby Ludwig of Duo Security",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-287: Improper Authentication",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                     refsource: "MISC",
                     url: "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
                  },
                  {
                     name: "https://www.kb.cert.org/vuls/id/475445",
                     refsource: "MISC",
                     url: "https://www.kb.cert.org/vuls/id/475445",
                  },
               ],
            },
            source: {
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7cd4c57f-0a88-4dda-be53-70336b413766",
      assignerShortName: "duo",
      cveId: "CVE-2017-11428",
      datePublished: "2019-04-17T13:59:53",
      dateReserved: "2017-07-18T00:00:00",
      dateUpdated: "2024-08-05T18:12:39.617Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-45409
Vulnerability from cvelistv5
Published
2024-09-10 18:50
Modified
2024-11-11 17:02
Summary
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
Impacted products
Vendor Product Version
SAML-Toolkits ruby-saml Version: < 1.12.3
Version: >= 1.13.0, < 1.17.0


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ruby-saml",
                  vendor: "onelogin",
                  versions: [
                     {
                        lessThan: "1.12.3",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "1.17.0",
                        status: "affected",
                        version: "1.13.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:omniauth:omniauth-saml:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "omniauth-saml",
                  vendor: "omniauth",
                  versions: [
                     {
                        lessThanOrEqual: "2.1.0",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-45409",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-23T00:00:00+00:00",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-16T03:55:11.297Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-11-11T17:02:31.329Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/",
               },
               {
                  url: "https://news.ycombinator.com/item?id=41586031",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20240926-0008/",
               },
               {
                  url: "https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "ruby-saml",
               vendor: "SAML-Toolkits",
               versions: [
                  {
                     status: "affected",
                     version: "< 1.12.3",
                  },
                  {
                     status: "affected",
                     version: ">= 1.13.0, < 1.17.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 10,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "CWE-347: Improper Verification of Cryptographic Signature",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-09-11T21:03:29.185Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2",
            },
            {
               name: "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq",
            },
            {
               name: "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae",
            },
            {
               name: "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7",
            },
         ],
         source: {
            advisory: "GHSA-jw9c-mfg7-9rx2",
            discovery: "UNKNOWN",
         },
         title: "The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2024-45409",
      datePublished: "2024-09-10T18:50:12.965Z",
      dateReserved: "2024-08-28T20:21:32.804Z",
      dateUpdated: "2024-11-11T17:02:31.329Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-20108
Vulnerability from cvelistv5
Published
2023-05-27 00:00
Modified
2025-01-14 18:39
Summary
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:58:26.458Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/SAML-Toolkits/ruby-saml/pull/225",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230703-0003/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2015-20108",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-14T18:38:57.536983Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-77",
                        description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-14T18:39:03.440Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-03T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/SAML-Toolkits/ruby-saml/pull/225",
            },
            {
               url: "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml",
            },
            {
               url: "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0",
            },
            {
               url: "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230703-0003/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-20108",
      datePublished: "2023-05-27T00:00:00",
      dateReserved: "2023-05-27T00:00:00",
      dateUpdated: "2025-01-14T18:39:03.440Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}