Vulnerability from drupal
Published
2021-09-22 17:12
Modified
2023-08-11 16:53
Summary
Details

This module provides a solution to authenticate visitors using existing SAML providers.

Certain non-default configurations allow a malicious user to login as any chosen user.

The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate".

Credits
Cristian 'void' Giustini www.drupal.org/user/3680969
References
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003c2.24.0"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/miniorange_saml"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003c2.24.0"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/3680969"
      ],
      "name": "Cristian \u0027void\u0027 Giustini"
    }
  ],
  "details": "This module provides a solution to authenticate visitors using existing SAML providers.\n\nCertain non-default configurations allow a malicious user to login as any chosen user.\n\nThe vulnerability is mitigated by the module\u0027s default settings which require the options \"Either sign SAML assertions\" and \"x509 certificate\".",
  "id": "DRUPAL-CONTRIB-2021-036",
  "modified": "2023-08-11T16:53:25.000Z",
  "published": "2021-09-22T17:12:02.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2021-036"
    }
  ],
  "schema_version": "1.7.0"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.