Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5.
History

Wed, 02 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Node-saml
Node-saml node-saml
CPEs cpe:2.3:a:node-saml:node-saml:*:*:*:*:*:*:*:*
Vendors & Products Node-saml
Node-saml node-saml
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-23T20:15:23.057Z

Updated: 2024-10-02T18:56:08.820Z

Reserved: 2023-08-09T15:26:41.052Z

Link: CVE-2023-40178

cve-icon Vulnrichment

Updated: 2024-08-02T18:24:55.555Z

cve-icon NVD

Status : Modified

Published: 2023-08-23T21:15:08.877

Modified: 2024-11-21T08:18:56.333

Link: CVE-2023-40178

cve-icon Redhat

No data.