Vulnerability Description
The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Saml Project | Saml | < 0.4.9 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html (Third Party Advisory, VDB Entry)
- https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b (Patch, Third Party Advisory)
- https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g (Third Party Advisory)
FAQ
What is CVE-2022-41912?
CVE-2022-41912 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The crewjam/saml Go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in ver...
How severe is CVE-2022-41912?
CVE-2022-41912 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-41912?
Check the references section above for vendor advisories and patch information. Affected products include Saml Project's Saml (versions prior to 0.4.9).