Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhocXEteDQ0Zi05Zmdn

Authentication Bypass in github.com/russellhaering/gosaml2

Impact

Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.

Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.

Patches

Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.

Permalink: https://github.com/advisories/GHSA-xhqq-x44f-9fgg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhocXEteDQ0Zi05Zmdn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 3 years ago
Updated: almost 2 years ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00105
EPSS Percentile: 0.43887

Identifiers: GHSA-xhqq-x44f-9fgg, CVE-2020-29509
References:

• https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
• https://nvd.nist.gov/vuln/detail/CVE-2020-29509
• https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md
• https://security.netapp.com/advisory/ntap-20210129-0006/
• https://github.com/russellhaering/gosaml2/commit/42606dafba60c58c458f14f75c4c230459672ab9
• https://pkg.go.dev/vuln/GO-2021-0060
• https://github.com/advisories/GHSA-xhqq-x44f-9fgg

Repository: https://github.com/russellhaering/gosaml2
Blast Radius: 21.5

Affected Packages