Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS

SSOReady has an XML Signature Bypass via differential XML parsing

Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers.

Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. The documentation for self-hosting SSOReady is available here.

Vulnerability was discovered by @ahacker1-securesaml. It's likely the precise mechanism of attack affects other SAML implementations, so the reporter and I (@ucarion) have agreed to not disclose it in detail publicly at this time.

Permalink: https://github.com/advisories/GHSA-j2hr-q93x-gxvh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 4 days ago
Updated: 4 days ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-j2hr-q93x-gxvh, CVE-2024-47832
References:

• https://github.com/ssoready/ssoready/security/advisories/GHSA-j2hr-q93x-gxvh
• https://nvd.nist.gov/vuln/detail/CVE-2024-47832
• https://github.com/ssoready/ssoready/commit/7f92a0630439972fcbefa8c7eafe8c144bd89915
• https://pkg.go.dev/vuln/GO-2024-3185
• https://ssoready.com/docs/self-hosting/self-hosting-sso-ready
• https://github.com/advisories/GHSA-j2hr-q93x-gxvh

Repository: https://github.com/ssoready/ssoready
Blast Radius: 1.0

Affected Packages