GHSA-5X9F-6VG5-QG4M
Vulnerability from github – Published: 2026-06-05 15:25 – Updated: 2026-06-05 15:25
VLAI
Summary
Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token
Details
Summary
SAML.getSession (internal/pkg/auth/interceptor/saml.go) checks the Used flag on a SAMLAssertion resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same saml-session token can both observe Used == false, both pass validation, and both return a successful authentication context. An attacker who obtains a valid saml-session token can exploit this window to authenticate as the token's owner multiple times, defeating the one-time-use guarantee.
Severity
- Attack Vector: Local: the attacker needs to either be able to intercept the local, unencrypted traffic or needs access to user's browser.
- Attack Complexity: High: the attacker must first obtain a valid
saml-sessiontoken belonging to the victim (requires a separate interception step; the token is ephemeral and single-use by design). - Privileges Required: None: no Omni account is required to carry out the race once the session token is in hand.
- User Interaction: Required: the victim must initiate a SAML authentication flow to produce the session token that the attacker intercepts.
- Scope: Unchanged: the impact stays within Omni's authorization boundary.
- Confidentiality Impact: High: successful exploitation authenticates the attacker as the victim's email identity, granting read access to any resource accessible to that identity.
- Integrity Impact: High: the attacker can confirm one or more public keys under the victim's identity (via
ConfirmPublicKey), establishing persistent access credentials tied to the victim's account. - Availability Impact: High: if the attacker can successfully perform the attack and if the victim is a privileged Omni user, e.g., an Omni Operator or Admin, they can take Omni down.
Impact
- Session replay: A stolen
saml-sessiontoken can be used more than once, defeating its single-use guarantee. - Multiple public key confirmations: An attacker who steals the session can confirm N attacker-controlled public keys under the victim's identity in a single stolen session window, creating N persistent long-lived API credentials tied to the victim's account.
- Authentication as victim: Any gRPC endpoint gated by the SAML interceptor can be reached as the victim's email identity during the race window.
- Audit log pollution: Each raced call generates an audit entry attributed to the victim's email, obscuring the attacker's actions.
Credit
This vulnerability was discovered and reported by bugbunny.ai.
Severity
7.0 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siderolabs/omni"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/siderolabs/omni"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.7.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45720"
],
"database_specific": {
"cwe_ids": [
"CWE-294",
"CWE-367"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-05T15:25:28Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\n`SAML.getSession` (`internal/pkg/auth/interceptor/saml.go`) checks the `Used` flag on a `SAMLAssertion` resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same `saml-session` token can both observe `Used == false`, both pass validation, and both return a successful authentication context. An attacker who obtains a valid `saml-session` token can exploit this window to authenticate as the token\u0027s owner multiple times, defeating the one-time-use guarantee.\n\n## Severity\n\n- **Attack Vector:** Local: the attacker needs to either be able to intercept the local, unencrypted traffic or needs access to user\u0027s browser.\n- **Attack Complexity:** High: the attacker must first obtain a valid `saml-session` token belonging to the victim (requires a separate interception step; the token is ephemeral and single-use by design).\n- **Privileges Required:** None: no Omni account is required to carry out the race once the session token is in hand.\n- **User Interaction:** Required: the victim must initiate a SAML authentication flow to produce the session token that the attacker intercepts.\n- **Scope:** Unchanged: the impact stays within Omni\u0027s authorization boundary.\n- **Confidentiality Impact:** High: successful exploitation authenticates the attacker as the victim\u0027s email identity, granting read access to any resource accessible to that identity.\n- **Integrity Impact:** High: the attacker can confirm one or more public keys under the victim\u0027s identity (via `ConfirmPublicKey`), establishing persistent access credentials tied to the victim\u0027s account.\n- **Availability Impact:** High: if the attacker can successfully perform the attack and if the victim is a privileged Omni user, e.g., an Omni Operator or Admin, they can take Omni down.\n\n## Impact\n\n- **Session replay**: A stolen `saml-session` token can be used more than once, defeating its single-use guarantee.\n- **Multiple public key confirmations**: An attacker who steals the session can confirm N attacker-controlled public keys under the victim\u0027s identity in a single stolen session window, creating N persistent long-lived API credentials tied to the victim\u0027s account.\n- **Authentication as victim**: Any gRPC endpoint gated by the SAML interceptor can be reached as the victim\u0027s email identity during the race window.\n- **Audit log pollution**: Each raced call generates an audit entry attributed to the victim\u0027s email, obscuring the attacker\u0027s actions.\n\n## Credit\n\nThis vulnerability was discovered and reported by [bugbunny.ai](https://bugbunny.ai).",
"id": "GHSA-5x9f-6vg5-qg4m",
"modified": "2026-06-05T15:25:28Z",
"published": "2026-06-05T15:25:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siderolabs/omni/security/advisories/GHSA-5x9f-6vg5-qg4m"
},
{
"type": "PACKAGE",
"url": "https://github.com/siderolabs/omni"
},
{
"type": "WEB",
"url": "https://github.com/siderolabs/omni/releases/tag/v1.6.6"
},
{
"type": "WEB",
"url": "https://github.com/siderolabs/omni/releases/tag/v1.7.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…