{"uuid": "1f8e5b2b-33c8-4448-800f-eed0e6a7d090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31261", "type": "seen", "source": "https://t.me/cibsecurity/43262", "content": "\u203c CVE-2022-31261 \u203c\n\nAn XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-24T18:37:12.000000Z"}