Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhocXEteDQ0Zi05Zmdn
Authentication Bypass in github.com/russellhaering/gosaml2
Impact
Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.
Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.
Patches
Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.
Permalink: https://github.com/advisories/GHSA-xhqq-x44f-9fggJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhocXEteDQ0Zi05Zmdn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-xhqq-x44f-9fgg, CVE-2020-29509
References:
- https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
- https://nvd.nist.gov/vuln/detail/CVE-2020-29509
- https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md
- https://security.netapp.com/advisory/ntap-20210129-0006/
- https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9
- https://pkg.go.dev/vuln/GO-2021-0060
- https://github.com/advisories/GHSA-xhqq-x44f-9fgg
Blast Radius: 21.5
Affected Packages
go:github.com/russellhaering/gosaml2
Dependent packages: 65Dependent repositories: 155
Downloads:
Affected Version Ranges: < 0.6.0
Fixed in: 0.6.0
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.5.0
All unaffected versions: 0.6.0, 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1