OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
History

Fri, 20 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Omniauth
Omniauth omniauth Saml
CPEs cpe:2.3:a:omnitauth-saml_project:omnitauth-saml:*:*:*:*:*:*:*:* cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:*:*:*
Vendors & Products Omnitauth-saml Project
Omnitauth-saml Project omnitauth-saml
Omniauth
Omniauth omniauth Saml

cve-icon MITRE

Status: PUBLISHED

Assigner: duo

Published: 2019-04-17T14:00:30

Updated: 2024-08-05T18:12:39.543Z

Reserved: 2017-07-18T00:00:00

Link: CVE-2017-11430

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-04-17T14:29:00.433

Modified: 2024-11-21T03:07:46.560

Link: CVE-2017-11430

cve-icon Redhat

No data.