Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1127 vulnerabilities reference this CWE, most recent first.

GHSA-M5M3-46GJ-WCH8

Vulnerability from github – Published: 2022-10-06 19:54 – Updated: 2023-01-10 16:09
VLAI
Summary
SIF's Digital Signature Hash Algorithms Not Validated
Details

Impact

The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.

Patches

A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade.

The patch is commit https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa

Workarounds

Users may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

References

For more information

If you have any questions or comments about this advisory:

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sylabs/sif/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-06T19:54:55Z",
    "nvd_published_at": "2022-10-06T18:16:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe `github.com/sylabs/sif/v2/pkg/integrity` package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.\n\n### Patches\n\nA patch is available in version \u003e= v2.8.1 of the module. Users are encouraged to upgrade.\n\nThe patch is commit https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa\n\n### Workarounds\n\nUsers may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.\n\n### References\n\n* [CVE-2004-2761](https://nvd.nist.gov/vuln/detail/cve-2004-2761)\n* [CVE-2005-4900](https://nvd.nist.gov/vuln/detail/cve-2005-4900)\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [github.com/sylabs/sif](https://github.com/sylabs/sif/issues/new)\n* Email us at [security@sylabs.io](mailto:security@sylabs.io)",
  "id": "GHSA-m5m3-46gj-wch8",
  "modified": "2023-01-10T16:09:12Z",
  "published": "2022-10-06T19:54:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sylabs/sif"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sylabs/sif/releases/tag/v2.8.1"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/cve-2004-2761"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/cve-2005-4900"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-1045"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SIF\u0027s Digital Signature Hash Algorithms Not Validated"
}

GHSA-M82C-5HPW-48F7

Vulnerability from github – Published: 2023-07-20 18:33 – Updated: 2024-04-04 06:17
VLAI
Details

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-924"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-20T15:15:11Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Samba\u0027s SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured \"server signing = required\" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.",
  "id": "GHSA-m82c-5hpw-48f7",
  "modified": "2024-04-04T06:17:50Z",
  "published": "2023-07-20T18:33:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3347"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:4325"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2023:4328"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3347"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222792"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230731-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5477"
    },
    {
      "type": "WEB",
      "url": "https://www.samba.org/samba/security/CVE-2023-3347.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M837-G268-MMV7

Vulnerability from github – Published: 2025-07-25 14:08 – Updated: 2025-07-25 14:08
VLAI
Summary
Node-SAML SAML Authentication Bypass
Details

Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature.

This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username.

To conduct the attack an attacker would need a validly signed document from the identity provider (IdP).

In fixing this we upgraded xml-crypto to v6.1.2 and made sure to process the SAML assertions from only verified/authenticated contents. This will prevent future variants from coming up.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "node-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@node-saml/node-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54369"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-347",
      "CWE-87"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-25T14:08:50Z",
    "nvd_published_at": "2025-07-24T23:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. \n\nThis allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username.\n\nTo conduct the attack an attacker would need a validly signed document from the identity provider (IdP).\n\nIn fixing this we upgraded xml-crypto to v6.1.2 and made sure to process the SAML assertions from only verified/authenticated contents. This will prevent future variants from coming up.",
  "id": "GHSA-m837-g268-mmv7",
  "modified": "2025-07-25T14:08:50Z",
  "published": "2025-07-25T14:08:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54369"
    },
    {
      "type": "WEB",
      "url": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/node-saml/node-saml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Node-SAML SAML Authentication Bypass"
}

GHSA-M92X-373G-XC36

Vulnerability from github – Published: 2022-02-10 00:01 – Updated: 2022-02-10 00:01
VLAI
Details

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-13T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.",
  "id": "GHSA-m92x-373g-xc36",
  "modified": "2022-02-10T00:01:23Z",
  "published": "2022-02-10T00:01:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16154"
    },
    {
      "type": "WEB",
      "url": "https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/pod/App::cpanminus"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M93H-GJV2-FMQ2

Vulnerability from github – Published: 2026-06-12 18:32 – Updated: 2026-06-29 21:31
VLAI
Details

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48558"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-12T18:16:35Z",
    "severity": "CRITICAL"
  },
  "details": "SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.",
  "id": "GHSA-m93h-gjv2-fmq2",
  "modified": "2026-06-29T21:31:55Z",
  "published": "2026-06-12T18:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48558"
    },
    {
      "type": "WEB",
      "url": "https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain"
    },
    {
      "type": "WEB",
      "url": "https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs"
    },
    {
      "type": "WEB",
      "url": "https://simple-help.com/release-news"
    },
    {
      "type": "WEB",
      "url": "https://simple-help.com/security/simplehelp-security-update-2026-05"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48558"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M95P-425X-X889

Vulnerability from github – Published: 2025-11-25 20:41 – Updated: 2025-11-27 08:59
VLAI
Summary
cggmp21 has a missing check in the ZK proof used in CGGMP21
Details

Impact

cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key.

Patches

  • cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check
  • However, cggmp21 recommends upgrading to cggmp24 v0.7.0-alpha.2 which contains many other security checks as a precaution. Follow migration guideline to upgrade.

Workarounds

Update to cggmp21 v0.6.3, a minor release that contains a minimal security patch.

However, for full mitigation, users will need to upgrade to cggmp24 v0.7.0-alpha.2 as it contains many more security check implementations.

Resources

Read this blog post to learn more.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "cggmp21"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "cggmp24"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.0-alpha.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-25T20:41:04Z",
    "nvd_published_at": "2025-11-25T20:16:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\ncggmp21  concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key.\n\n### Patches\n* `cggmp21 v0.6.3` is a patch release that contains a fix that introduces this specific missing check\n* However, cggmp21 recommends upgrading to `cggmp24 v0.7.0-alpha.2` which contains many other security checks as a precaution. Follow [migration guideline](https://github.com/LFDT-Lockness/cggmp21/blob/v0.7.0-alpha.2/CGGMP21_MIGRATION.md) to upgrade.\n\n### Workarounds\nUpdate to `cggmp21 v0.6.3`, a minor release that contains a minimal security patch.\n\nHowever, for full mitigation, users will need to upgrade to `cggmp24 v0.7.0-alpha.2` as it contains many more security check implementations.\n\n### Resources\nRead this [blog post](https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained) to learn more.",
  "id": "GHSA-m95p-425x-x889",
  "modified": "2025-11-27T08:59:47Z",
  "published": "2025-11-25T20:41:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66016"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/LFDT-Lockness/cggmp21"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0129.html"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0130.html"
    },
    {
      "type": "WEB",
      "url": "https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "cggmp21 has a missing check in the ZK proof used in CGGMP21"
}

GHSA-M974-647V-WHV7

Vulnerability from github – Published: 2022-10-12 22:05 – Updated: 2022-10-18 03:11
VLAI
Summary
Signature bypass via multiple root elements
Details

Impact

A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered.

Patches

Users should upgrade to passport-saml 3.2.2 or newer. The issue was also present in the beta releases of node-saml before v4.0.0-beta.5.

Workarounds

Disable SAML authentication.

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory: * Open a discussion in the node-saml repo

Credits

  • Felix Wilhelm of Google Project Zero
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "passport-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "node-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0-beta.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@node-saml/node-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0-beta.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@node-saml/passport-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0-beta.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-12T22:05:41Z",
    "nvd_published_at": "2022-10-12T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered.\n\n### Patches\n\nUsers should upgrade to passport-saml 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before v4.0.0-beta.5.\n\n### Workarounds\n\nDisable SAML authentication.\n\n### References\n_Are there any links users can visit to find out more?_\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open a discussion in the [node-saml repo](https://github.com/node-saml/node-saml/discussions)\n\n### Credits\n\n* Felix Wilhelm of Google Project Zero\n",
  "id": "GHSA-m974-647v-whv7",
  "modified": "2022-10-18T03:11:22Z",
  "published": "2022-10-12T22:05:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39299"
    },
    {
      "type": "WEB",
      "url": "https://github.com/node-saml/passport-saml/commit/8b7e3f5a91c8e5ac7e890a0c90bc7491ce33155e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/node-saml/passport-saml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/node-saml/passport-saml/releases/tag/v3.2.2"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/169826/Node-saml-Root-Element-Signature-Bypass.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Signature bypass via multiple root elements"
}

GHSA-M9HP-7R99-94H5

Vulnerability from github – Published: 2021-12-20 17:53 – Updated: 2021-05-21 20:49
VLAI
Summary
Critical security issues in XML encoding in github.com/dexidp/dex
Details

Impact

The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector:

Signature Validation Bypass (CVE-2020-15216): https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7

encoding/xml instabilities: - Element namespace prefix instability (CVE-2020-29511) - Attribute namespace prefix instability (CVE-2020-29509) - Directive comment instability (CVE-2020-29510)

Patches

Immediately update to Dex v2.27.0.

Workarounds

There are no known workarounds.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/dexidp/dex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.27.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/russellhaering/goxmldsig"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T20:49:36Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe following vulnerabilities have been disclosed, which impact users leveraging the SAML connector:\n\nSignature Validation Bypass (CVE-2020-15216): https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7\n\n`encoding/xml` instabilities:\n - [Element namespace prefix instability (CVE-2020-29511)](https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md)\n - [Attribute namespace prefix instability (CVE-2020-29509)](https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md)\n - [Directive comment instability (CVE-2020-29510)](https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md)\n\n### Patches\n\nImmediately update to [Dex v2.27.0](https://github.com/dexidp/dex/releases/tag/v2.27.0).\n\n### Workarounds\n\nThere are no known workarounds.",
  "id": "GHSA-m9hp-7r99-94h5",
  "modified": "2021-05-21T20:49:36Z",
  "published": "2021-12-20T17:53:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26290"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dexidp/dex/releases/tag/v2.27.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2020-0050"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Critical security issues in XML encoding in github.com/dexidp/dex"
}

GHSA-MC6J-H948-V2P6

Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2023-03-08 19:49
VLAI
Summary
RubyGems Improper Verification of Cryptographic Signature vulnerability
Details

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. This vulnerability has been fixed in 2.7.6.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rubygems-update"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.7.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jruby:jruby-stdlib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.1.16.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1000076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-08T19:49:18Z",
    "nvd_published_at": "2018-03-13T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. This vulnerability has been fixed in 2.7.6.",
  "id": "GHSA-mc6j-h948-v2p6",
  "modified": "2023-03-08T19:49:18Z",
  "published": "2022-05-14T01:01:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000076"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jruby/jruby/commit/0b06b48ab4432237ce5fc1bef47f2c6bcf7843f7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4259"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4219"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3621-1"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rubygems/rubygems"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0663"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0591"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0542"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2028"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3731"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3730"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3729"
    },
    {
      "type": "WEB",
      "url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "RubyGems Improper Verification of Cryptographic Signature vulnerability"
}

GHSA-MC7W-JQ93-55QG

Vulnerability from github – Published: 2024-01-26 03:30 – Updated: 2024-01-26 03:30
VLAI
Details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-26T01:15:10Z",
    "severity": "LOW"
  },
  "details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
  "id": "GHSA-mc7w-jq93-55qg",
  "modified": "2024-01-26T03:30:19Z",
  "published": "2024-01-26T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21383"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21383"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.