Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
25 vulnerabilities by OneLogin
CVE-2025-66568 (GCVE-0-2025-66568)
Vulnerability from nvd – Published: 2025-12-09 02:03 – Updated: 2025-12-09 16:02- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.18.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:16:24.122600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:02:52.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. When libxml2\u2019s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. ruby-saml then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded. This issue is fixed in version 1.18.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T02:03:20.397Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a"
}
],
"source": {
"advisory": "GHSA-x4h9-gwv3-r4m4",
"discovery": "UNKNOWN"
},
"title": "ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66568",
"datePublished": "2025-12-09T02:03:20.397Z",
"dateReserved": "2025-12-04T16:17:35.386Z",
"dateUpdated": "2025-12-09T16:02:52.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66567 (GCVE-0-2025-66567)
Vulnerability from nvd – Published: 2025-12-09 01:55 – Updated: 2025-12-09 16:02- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/advisories/GHSA-754f-8gm6-c4r2 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.18.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:16:33.897851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:02:57.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T01:55:06.296Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://github.com/advisories/GHSA-754f-8gm6-c4r2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-754f-8gm6-c4r2"
}
],
"source": {
"advisory": "GHSA-9v8j-x534-2fx3",
"discovery": "UNKNOWN"
},
"title": "ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66567",
"datePublished": "2025-12-09T01:55:06.296Z",
"dateReserved": "2025-12-04T16:17:35.386Z",
"dateUpdated": "2025-12-09T16:02:57.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52925 (GCVE-0-2025-52925)
Vulnerability from nvd – Published: 2025-07-02 00:00 – Updated: 2025-07-02 13:19- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
| Vendor | Product | Version | |
|---|---|---|---|
| OneLogin | Active Directory Connector |
Affected:
0 , < 6.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T13:03:20.244439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:19:27.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Active Directory Connector",
"vendor": "OneLogin",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T03:30:46.906Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://oneidentity.com"
},
{
"url": "https://onelogin.service-now.com/support?id=kb_article\u0026sys_id=b69c9c6c8762e210f7b8a7dd3fbb356e\u0026kb_category=f91821b0db185340d5505eea4b9619f9"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52925",
"datePublished": "2025-07-02T00:00:00.000Z",
"dateReserved": "2025-06-22T00:00:00.000Z",
"dateUpdated": "2025-07-02T13:19:27.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25293 (GCVE-0-2025-25293)
Vulnerability from nvd – Published: 2025-03-12 20:11 – Updated: 2025-11-03 19:45- CWE-400 - Uncontrolled Resource Consumption
| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/omniauth/omniauth-saml/securit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://about.gitlab.com/releases/2025/03/12/patc… | x_refsource_MISC |
| https://github.blog/security/sign-in-as-anyone-by… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025031… | |
| https://lists.debian.org/debian-lts-announce/2025… |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T20:36:09.253658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T20:36:17.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:45:02.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0008/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they\u0027re compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:05:32.311Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml"
}
],
"source": {
"advisory": "GHSA-92rq-c8cf-prrq",
"discovery": "UNKNOWN"
},
"title": "ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25293",
"datePublished": "2025-03-12T20:11:08.860Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:45:02.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25292 (GCVE-0-2025-25292)
Vulnerability from nvd – Published: 2025-03-12 20:53 – Updated: 2025-11-03 19:45| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/omniauth/omniauth-saml/securit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://about.gitlab.com/releases/2025/03/12/patc… | x_refsource_MISC |
| https://github.blog/security/sign-in-as-anyone-by… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://portswigger.net/research/saml-roulette-th… | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025031… | |
| https://news.ycombinator.com/item?id=43374519 | |
| https://lists.debian.org/debian-lts-announce/2025… |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:45:01.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0009/"
},
{
"url": "https://news.ycombinator.com/item?id=43374519"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:32:48.636527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:32:54.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:06:17.813Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
"tags": [
"x_refsource_MISC"
],
"url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
}
],
"source": {
"advisory": "GHSA-754f-8gm6-c4r2",
"discovery": "UNKNOWN"
},
"title": "Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25292",
"datePublished": "2025-03-12T20:53:24.353Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:45:01.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25291 (GCVE-0-2025-25291)
Vulnerability from nvd – Published: 2025-03-12 20:16 – Updated: 2025-11-03 19:44| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/omniauth/omniauth-saml/securit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://about.gitlab.com/releases/2025/03/12/patc… | x_refsource_MISC |
| https://github.blog/security/sign-in-as-anyone-by… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://portswigger.net/research/saml-roulette-th… | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025031… | |
| https://news.ycombinator.com/item?id=43374519 | |
| https://lists.debian.org/debian-lts-announce/2025… |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25291",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T20:06:31.066662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T20:06:50.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:59.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0010/"
},
{
"url": "https://news.ycombinator.com/item?id=43374519"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:07:07.030Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
"tags": [
"x_refsource_MISC"
],
"url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
}
],
"source": {
"advisory": "GHSA-4vc4-m8qh-g8jm",
"discovery": "UNKNOWN"
},
"title": "ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25291",
"datePublished": "2025-03-12T20:16:12.181Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:44:59.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45409 (GCVE-0-2024-45409)
Vulnerability from nvd – Published: 2024-09-10 18:50 – Updated: 2024-11-11 17:02- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.3
Affected: >= 1.13.0, < 1.17.0 |
|
| onelogin | ruby-saml |
Affected:
0 , < 1.12.3
(custom)
Affected: 1.13.0 , < 1.17.0 (custom) cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:* |
|
| omniauth | omniauth-saml |
Affected:
0 , ≤ 2.1.0
(custom)
cpe:2.3:a:omniauth:omniauth-saml:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruby-saml",
"vendor": "onelogin",
"versions": [
{
"lessThan": "1.12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "1.13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:omniauth:omniauth-saml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omniauth-saml",
"vendor": "omniauth",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45409",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T03:55:11.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-11T17:02:31.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/"
},
{
"url": "https://news.ycombinator.com/item?id=41586031"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0008/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.3"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T21:03:29.185Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7"
}
],
"source": {
"advisory": "GHSA-jw9c-mfg7-9rx2",
"discovery": "UNKNOWN"
},
"title": "The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45409",
"datePublished": "2024-09-10T18:50:12.965Z",
"dateReserved": "2024-08-28T20:21:32.804Z",
"dateUpdated": "2024-11-11T17:02:31.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-20108 (GCVE-0-2015-20108)
Vulnerability from nvd – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:39- n/a
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/pull/225"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230703-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-20108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:38:57.536983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:39:03.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/SAML-Toolkits/ruby-saml/pull/225"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml"
},
{
"url": "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0"
},
{
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-20108",
"datePublished": "2023-05-27T00:00:00.000Z",
"dateReserved": "2023-05-27T00:00:00.000Z",
"dateUpdated": "2025-01-14T18:39:03.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10928 (GCVE-0-2016-10928)
Vulnerability from nvd – Published: 2019-08-22 19:40 – Updated: 2024-08-06 03:38- n/a
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/onelogin-saml-sso/#… | x_refsource_MISC |
| https://github.com/onelogin/wordpress-saml/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:38:56.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/onelogin-saml-sso/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T19:40:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/onelogin-saml-sso/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/onelogin-saml-sso/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/onelogin-saml-sso/#developers"
},
{
"name": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da",
"refsource": "MISC",
"url": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10928",
"datePublished": "2019-08-22T19:40:39.000Z",
"dateReserved": "2019-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:38:56.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11428 (GCVE-0-2017-11428)
Vulnerability from nvd – Published: 2019-04-17 13:59 – Updated: 2024-08-05 18:12- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://duo.com/blog/duo-finds-saml-vulnerabiliti… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/475445 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby-SAML",
"vendor": "OneLogin",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kelby Ludwig of Duo Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T13:59:53.000Z",
"orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"shortName": "duo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11428",
"STATE": "PUBLIC",
"TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby-SAML",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.6.0"
}
]
}
}
]
},
"vendor_name": "OneLogin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"name": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"assignerShortName": "duo",
"cveId": "CVE-2017-11428",
"datePublished": "2019-04-17T13:59:53.000Z",
"dateReserved": "2017-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:12:39.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11427 (GCVE-0-2017-11427)
Vulnerability from nvd – Published: 2019-04-17 13:59 – Updated: 2024-08-05 18:12- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://duo.com/blog/duo-finds-saml-vulnerabiliti… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/475445 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| OneLogin | PythonSAML |
Affected:
unspecified , < 2.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PythonSAML",
"vendor": "OneLogin",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kelby Ludwig of Duo Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T13:59:19.000Z",
"orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"shortName": "duo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11427",
"STATE": "PUBLIC",
"TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PythonSAML",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "OneLogin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"name": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"assignerShortName": "duo",
"cveId": "CVE-2017-11427",
"datePublished": "2019-04-17T13:59:19.000Z",
"dateReserved": "2017-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:12:39.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5697 (GCVE-0-2016-5697)
Vulnerability from nvd – Published: 2017-01-23 21:00 – Updated: 2024-08-06 01:07- n/a
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/06/24/3 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-23T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5697",
"datePublished": "2017-01-23T21:00:00.000Z",
"dateReserved": "2016-06-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:07:59.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66568 (GCVE-0-2025-66568)
Vulnerability from cvelistv5 – Published: 2025-12-09 02:03 – Updated: 2025-12-09 16:02- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.18.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:16:24.122600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:02:52.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. When libxml2\u2019s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. ruby-saml then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded. This issue is fixed in version 1.18.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T02:03:20.397Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a"
}
],
"source": {
"advisory": "GHSA-x4h9-gwv3-r4m4",
"discovery": "UNKNOWN"
},
"title": "ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66568",
"datePublished": "2025-12-09T02:03:20.397Z",
"dateReserved": "2025-12-04T16:17:35.386Z",
"dateUpdated": "2025-12-09T16:02:52.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66567 (GCVE-0-2025-66567)
Vulnerability from cvelistv5 – Published: 2025-12-09 01:55 – Updated: 2025-12-09 16:02- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/advisories/GHSA-754f-8gm6-c4r2 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.18.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:16:33.897851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:02:57.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T01:55:06.296Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://github.com/advisories/GHSA-754f-8gm6-c4r2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-754f-8gm6-c4r2"
}
],
"source": {
"advisory": "GHSA-9v8j-x534-2fx3",
"discovery": "UNKNOWN"
},
"title": "ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66567",
"datePublished": "2025-12-09T01:55:06.296Z",
"dateReserved": "2025-12-04T16:17:35.386Z",
"dateUpdated": "2025-12-09T16:02:57.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52925 (GCVE-0-2025-52925)
Vulnerability from cvelistv5 – Published: 2025-07-02 00:00 – Updated: 2025-07-02 13:19- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
| Vendor | Product | Version | |
|---|---|---|---|
| OneLogin | Active Directory Connector |
Affected:
0 , < 6.1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T13:03:20.244439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:19:27.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Active Directory Connector",
"vendor": "OneLogin",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402 Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T03:30:46.906Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://oneidentity.com"
},
{
"url": "https://onelogin.service-now.com/support?id=kb_article\u0026sys_id=b69c9c6c8762e210f7b8a7dd3fbb356e\u0026kb_category=f91821b0db185340d5505eea4b9619f9"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-52925",
"datePublished": "2025-07-02T00:00:00.000Z",
"dateReserved": "2025-06-22T00:00:00.000Z",
"dateUpdated": "2025-07-02T13:19:27.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25292 (GCVE-0-2025-25292)
Vulnerability from cvelistv5 – Published: 2025-03-12 20:53 – Updated: 2025-11-03 19:45| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/omniauth/omniauth-saml/securit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://about.gitlab.com/releases/2025/03/12/patc… | x_refsource_MISC |
| https://github.blog/security/sign-in-as-anyone-by… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://portswigger.net/research/saml-roulette-th… | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025031… | |
| https://news.ycombinator.com/item?id=43374519 | |
| https://lists.debian.org/debian-lts-announce/2025… |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:45:01.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0009/"
},
{
"url": "https://news.ycombinator.com/item?id=43374519"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:32:48.636527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:32:54.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:06:17.813Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
"tags": [
"x_refsource_MISC"
],
"url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
}
],
"source": {
"advisory": "GHSA-754f-8gm6-c4r2",
"discovery": "UNKNOWN"
},
"title": "Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25292",
"datePublished": "2025-03-12T20:53:24.353Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:45:01.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25291 (GCVE-0-2025-25291)
Vulnerability from cvelistv5 – Published: 2025-03-12 20:16 – Updated: 2025-11-03 19:44| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/omniauth/omniauth-saml/securit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://about.gitlab.com/releases/2025/03/12/patc… | x_refsource_MISC |
| https://github.blog/security/sign-in-as-anyone-by… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://portswigger.net/research/saml-roulette-th… | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025031… | |
| https://news.ycombinator.com/item?id=43374519 | |
| https://lists.debian.org/debian-lts-announce/2025… |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25291",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T20:06:31.066662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T20:06:50.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:59.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0010/"
},
{
"url": "https://news.ycombinator.com/item?id=43374519"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-436",
"description": "CWE-436: Interpretation Conflict",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:07:07.030Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins",
"tags": [
"x_refsource_MISC"
],
"url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
}
],
"source": {
"advisory": "GHSA-4vc4-m8qh-g8jm",
"discovery": "UNKNOWN"
},
"title": "ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25291",
"datePublished": "2025-03-12T20:16:12.181Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:44:59.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-25293 (GCVE-0-2025-25293)
Vulnerability from cvelistv5 – Published: 2025-03-12 20:11 – Updated: 2025-11-03 19:45- CWE-400 - Uncontrolled Resource Consumption
| URL | Tags |
|---|---|
| https://github.com/SAML-Toolkits/ruby-saml/securi… | x_refsource_CONFIRM |
| https://github.com/omniauth/omniauth-saml/securit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/commit… | x_refsource_MISC |
| https://about.gitlab.com/releases/2025/03/12/patc… | x_refsource_MISC |
| https://github.blog/security/sign-in-as-anyone-by… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://github.com/SAML-Toolkits/ruby-saml/releas… | x_refsource_MISC |
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025031… | |
| https://lists.debian.org/debian-lts-announce/2025… |
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.4
Affected: >= 1.13.0, < 1.18.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T20:36:09.253658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T20:36:17.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:45:02.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0008/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.4"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they\u0027re compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:05:32.311Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1"
},
{
"name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released",
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml",
"tags": [
"x_refsource_MISC"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml"
}
],
"source": {
"advisory": "GHSA-92rq-c8cf-prrq",
"discovery": "UNKNOWN"
},
"title": "ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-25293",
"datePublished": "2025-03-12T20:11:08.860Z",
"dateReserved": "2025-02-06T17:13:33.122Z",
"dateUpdated": "2025-11-03T19:45:02.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45409 (GCVE-0-2024-45409)
Vulnerability from cvelistv5 – Published: 2024-09-10 18:50 – Updated: 2024-11-11 17:02- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| SAML-Toolkits | ruby-saml |
Affected:
< 1.12.3
Affected: >= 1.13.0, < 1.17.0 |
|
| onelogin | ruby-saml |
Affected:
0 , < 1.12.3
(custom)
Affected: 1.13.0 , < 1.17.0 (custom) cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:* |
|
| omniauth | omniauth-saml |
Affected:
0 , ≤ 2.1.0
(custom)
cpe:2.3:a:omniauth:omniauth-saml:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruby-saml",
"vendor": "onelogin",
"versions": [
{
"lessThan": "1.12.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "1.13.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:omniauth:omniauth-saml:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "omniauth-saml",
"vendor": "omniauth",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45409",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T03:55:11.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-11T17:02:31.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/"
},
{
"url": "https://news.ycombinator.com/item?id=41586031"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0008/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-saml",
"vendor": "SAML-Toolkits",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.3"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in \u003c= 12.2 and 1.13.0 \u003c= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T21:03:29.185Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2"
},
{
"name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae"
},
{
"name": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7"
}
],
"source": {
"advisory": "GHSA-jw9c-mfg7-9rx2",
"discovery": "UNKNOWN"
},
"title": "The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45409",
"datePublished": "2024-09-10T18:50:12.965Z",
"dateReserved": "2024-08-28T20:21:32.804Z",
"dateUpdated": "2024-11-11T17:02:31.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-20108 (GCVE-0-2015-20108)
Vulnerability from cvelistv5 – Published: 2023-05-27 00:00 – Updated: 2025-01-14 18:39- n/a
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/pull/225"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230703-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-20108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T18:38:57.536983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T18:39:03.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/SAML-Toolkits/ruby-saml/pull/225"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml"
},
{
"url": "https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0"
},
{
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-20108",
"datePublished": "2023-05-27T00:00:00.000Z",
"dateReserved": "2023-05-27T00:00:00.000Z",
"dateUpdated": "2025-01-14T18:39:03.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10928 (GCVE-0-2016-10928)
Vulnerability from cvelistv5 – Published: 2019-08-22 19:40 – Updated: 2024-08-06 03:38- n/a
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/onelogin-saml-sso/#… | x_refsource_MISC |
| https://github.com/onelogin/wordpress-saml/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:38:56.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/onelogin-saml-sso/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T19:40:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/onelogin-saml-sso/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/onelogin-saml-sso/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/onelogin-saml-sso/#developers"
},
{
"name": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da",
"refsource": "MISC",
"url": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10928",
"datePublished": "2019-08-22T19:40:39.000Z",
"dateReserved": "2019-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:38:56.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11428 (GCVE-0-2017-11428)
Vulnerability from cvelistv5 – Published: 2019-04-17 13:59 – Updated: 2024-08-05 18:12- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://duo.com/blog/duo-finds-saml-vulnerabiliti… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/475445 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby-SAML",
"vendor": "OneLogin",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kelby Ludwig of Duo Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T13:59:53.000Z",
"orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"shortName": "duo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11428",
"STATE": "PUBLIC",
"TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby-SAML",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.6.0"
}
]
}
}
]
},
"vendor_name": "OneLogin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"name": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"assignerShortName": "duo",
"cveId": "CVE-2017-11428",
"datePublished": "2019-04-17T13:59:53.000Z",
"dateReserved": "2017-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:12:39.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11427 (GCVE-0-2017-11427)
Vulnerability from cvelistv5 – Published: 2019-04-17 13:59 – Updated: 2024-08-05 18:12- CWE-287 - Improper Authentication
| URL | Tags |
|---|---|
| https://duo.com/blog/duo-finds-saml-vulnerabiliti… | x_refsource_MISC |
| https://www.kb.cert.org/vuls/id/475445 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| OneLogin | PythonSAML |
Affected:
unspecified , < 2.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PythonSAML",
"vendor": "OneLogin",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kelby Ludwig of Duo Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T13:59:19.000Z",
"orgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"shortName": "duo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/475445"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11427",
"STATE": "PUBLIC",
"TITLE": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PythonSAML",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "OneLogin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"name": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7cd4c57f-0a88-4dda-be53-70336b413766",
"assignerShortName": "duo",
"cveId": "CVE-2017-11427",
"datePublished": "2019-04-17T13:59:19.000Z",
"dateReserved": "2017-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:12:39.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5697 (GCVE-0-2016-5697)
Vulnerability from cvelistv5 – Published: 2017-01-23 21:00 – Updated: 2024-08-06 01:07- n/a
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/06/24/3 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-23T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160624 [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0 http://www.openwall.com/lists/oss-security/2016/06/24/3 MLIST:[oss-security] 06/24/2016 Re: [CVE-2016-5697] signature wrapping attack vulnerability in ruby-saml prior to version 1.3.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5697",
"datePublished": "2017-01-23T21:00:00.000Z",
"dateReserved": "2016-06-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:07:59.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201904-1492
Vulnerability from variot - Updated: 2023-12-18 12:50Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Duo Network Gateway Contains an authentication vulnerability.Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in versions prior to DNG 1.2.10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "duo network gateway",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "1.2.9"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "clever",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "duo security",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "omniauth",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "onelogin",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pulse secure",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "shibboleth consortium",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wizkunde b v",
"version": null
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.2.6"
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.2.5"
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.2.4"
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.2.3"
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.2.2"
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.2.1"
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.1"
},
{
"model": "network gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "duo",
"version": "1.0"
},
{
"model": "network gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "duo",
"version": "1.2.10"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#475445"
},
{
"db": "BID",
"id": "103178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "NVD",
"id": "CVE-2018-7340"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:duo_network_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7340"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kelby Ludwig of Duo Security",
"sources": [
{
"db": "BID",
"id": "103178"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
],
"trust": 0.9
},
"cve": "CVE-2018-7340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7340",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137372",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@duo.com",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7340",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7340",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@duo.com",
"id": "CVE-2018-7340",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-103",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137372",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. Duo Network Gateway Contains an authentication vulnerability.Information may be tampered with. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in versions prior to DNG 1.2.10",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"db": "CERT/CC",
"id": "VU#475445"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "BID",
"id": "103178"
},
{
"db": "VULHUB",
"id": "VHN-137372"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#475445",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2018-7340",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-103",
"trust": 0.6
},
{
"db": "BID",
"id": "103178",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-137372",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#475445"
},
{
"db": "VULHUB",
"id": "VHN-137372"
},
{
"db": "BID",
"id": "103178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
]
},
"id": "VAR-201904-1492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137372"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:20.027000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Duo Finds SAML Vulnerabilities Affecting Multiple Implementations",
"trust": 0.8,
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"title": "Duo Network Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78891"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-347",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "NVD",
"id": "CVE-2018-7340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/475445"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7340"
},
{
"trust": 1.1,
"url": "https://duo.com/labs/psa/duo-psa-2017-003"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.8,
"url": "https://shibboleth.net/community/advisories/secadv_20180227.txt"
},
{
"trust": 0.8,
"url": "https://community.box.com/t5/box-product-news/recently-reported-saml-vulnerabilities-what-you-need-to-know-as/ba-p/52403"
},
{
"trust": 0.8,
"url": "https://www.okta.com/blog/2018/02/what-you-need-to-know-about-saml-vulnerability-research/"
},
{
"trust": 0.8,
"url": "https://www.cloudfoundry.org/blog/vu475445"
},
{
"trust": 0.8,
"url": "https://github.com/crewjam/saml/pull/140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7340"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/475445/"
},
{
"trust": 0.3,
"url": "https://duo.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#475445"
},
{
"db": "VULHUB",
"id": "VHN-137372"
},
{
"db": "BID",
"id": "103178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#475445"
},
{
"db": "VULHUB",
"id": "VHN-137372"
},
{
"db": "BID",
"id": "103178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-27T00:00:00",
"db": "CERT/CC",
"id": "VU#475445"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-137372"
},
{
"date": "2018-02-27T00:00:00",
"db": "BID",
"id": "103178"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"date": "2019-04-17T15:29:00.640000",
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"date": "2018-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-05T00:00:00",
"db": "CERT/CC",
"id": "VU#475445"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-137372"
},
{
"date": "2018-02-27T00:00:00",
"db": "BID",
"id": "103178"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015272"
},
{
"date": "2020-10-02T14:44:32.147000",
"db": "NVD",
"id": "CVE-2018-7340"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#475445"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-103"
}
],
"trust": 0.6
}
}