OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Omniauth
Omniauth omniauth Saml |
|
CPEs | cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:*:*:* | |
Vendors & Products |
Omnitauth-saml Project
Omnitauth-saml Project omnitauth-saml |
Omniauth
Omniauth omniauth Saml |
MITRE
Status: PUBLISHED
Assigner: duo
Published: 2019-04-17T14:00:30
Updated: 2024-08-05T18:12:39.543Z
Reserved: 2017-07-18T00:00:00
Link: CVE-2017-11430
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-17T14:29:00.433
Modified: 2024-11-21T03:07:46.560
Link: CVE-2017-11430
Redhat
No data.