Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01d3JnLThmeHAtY3g5cs4AAz-a
passport-wsfed-saml2 Signature Bypass vulnerability
Information
Please note that this is not a new disclosure, and is previously reported in our SECURITY-NOTICE.md which we removed in favor of github advisory.
Overview
A vulnerability was found in the validation of a SAML signature. The validation doesn't ensure that the "Signature" tag is at the proper location inside an "Assertion" tag. This leads to a signature relocation attack where the attacker can corrupt one field of data while maintaining the signature valid. This could allow an authenticated attacker to "remove" one group from the assertion or corrupt another field of an assertion.
Am I affected?
You are affected if you are using the passport-wsfed-saml2 library to version < 3.0.10
How do I fix it?
You may fix this issue by upgrading passport-wsfed-saml2 library to version 3.0.10 or above.
Will the fix impact my users?
This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.
Permalink: https://github.com/advisories/GHSA-5wrg-8fxp-cx9rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01d3JnLThmeHAtY3g5cs4AAz-a
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 11 months ago
Identifiers: GHSA-5wrg-8fxp-cx9r
References:
- https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-5wrg-8fxp-cx9r
- https://github.com/auth0/passport-wsfed-saml2/pull/79
- https://github.com/auth0/passport-wsfed-saml2/commit/f75211d42d2586a0d24a9da29ba8590e42363500
- https://github.com/advisories/GHSA-5wrg-8fxp-cx9r
Blast Radius: 0.0
Affected Packages
npm:passport-wsfed-saml2
Dependent packages: 3Dependent repositories: 11
Downloads: 13,957 last month
Affected Version Ranges: < 3.0.10
Fixed in: 3.0.10
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.3.12, 0.5.0, 0.6.0, 0.6.1, 0.7.1, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.9.0, 0.10.0, 0.10.1, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.15.0, 0.16.0, 0.16.1, 0.17.0, 0.18.0, 0.19.0, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.11.4, 2.11.5, 2.11.6, 2.12.0, 2.13.0, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9
All unaffected versions: 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.6.3