Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for tyk-identity-broker by tyk

    CVE-2021-23365 (GCVE-0-2021-23365)

    Vulnerability from nvd – Published: 2021-04-26 10:05 – Updated: 2024-09-17 00:56
    VLAI
    Title
    Authentication Bypass
    Summary
    The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
    CWE
    • Authentication Bypass
    Assigner
    Impacted products
    Vendor Product Version
    n/a github.com/TykTechnologies/tyk-identity-broker Affected: unspecified , < 1.1.1 (custom)
    Date Public
    2021-04-26 00:00
    Credits
    Sredny M.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "github.com/TykTechnologies/tyk-identity-broker",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "1.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Sredny M."
            }
          ],
          "datePublic": "2021-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn\u2019t guarantee integrity in the XML round-trip (encoding/decoding XML data)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T10:05:32.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147"
            }
          ],
          "title": "Authentication Bypass",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2021-04-26T10:00:35.669586Z",
              "ID": "CVE-2021-23365",
              "STATE": "PUBLIC",
              "TITLE": "Authentication Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "github.com/TykTechnologies/tyk-identity-broker",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Sredny M."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn\u2019t guarantee integrity in the XML round-trip (encoding/decoding XML data)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2021-23365",
        "datePublished": "2021-04-26T10:05:33.138Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:27.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23365 (GCVE-0-2021-23365)

    Vulnerability from cvelistv5 – Published: 2021-04-26 10:05 – Updated: 2024-09-17 00:56
    VLAI
    Title
    Authentication Bypass
    Summary
    The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
    CWE
    • Authentication Bypass
    Assigner
    Impacted products
    Vendor Product Version
    n/a github.com/TykTechnologies/tyk-identity-broker Affected: unspecified , < 1.1.1 (custom)
    Date Public
    2021-04-26 00:00
    Credits
    Sredny M.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "github.com/TykTechnologies/tyk-identity-broker",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "1.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Sredny M."
            }
          ],
          "datePublic": "2021-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn\u2019t guarantee integrity in the XML round-trip (encoding/decoding XML data)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T10:05:32.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147"
            }
          ],
          "title": "Authentication Bypass",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2021-04-26T10:00:35.669586Z",
              "ID": "CVE-2021-23365",
              "STATE": "PUBLIC",
              "TITLE": "Authentication Bypass"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "github.com/TykTechnologies/tyk-identity-broker",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Sredny M."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn\u2019t guarantee integrity in the XML round-trip (encoding/decoding XML data)."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0"
                },
                {
                  "name": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147",
                  "refsource": "MISC",
                  "url": "https://github.com/TykTechnologies/tyk-identity-broker/pull/147"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2021-23365",
        "datePublished": "2021-04-26T10:05:33.138Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:27.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }