Vulnerability Description
SSOReady is a single sign-on provider implemented via Docker. Affected versions are vulnerable to XML signature bypass attacks: an attacker who has access to certain IdP-signed messages can carry out a signature bypass. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ssoready | Ssoready | < 2024-10-09 |
Related Weaknesses (CWE)
References
- https://github.com/ssoready/ssoready/commit/7f92a0630439972fcbefa8c7eafe8c144bd8 (Patch)
- https://github.com/ssoready/ssoready/security/advisories/GHSA-j2hr-q93x-gxvh (Vendor Advisory)
- https://ssoready.com/docs/self-hosting/self-hosting-sso-ready (Product)
FAQ
What is CVE-2024-47832?
CVE-2024-47832 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SSOReady is a single sign-on provider implemented via Docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker who has access to certain...
How severe is CVE-2024-47832?
CVE-2024-47832 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-47832?
Check the references section above for vendor advisories and patch information. Affected product: Ssoready (vendor: Ssoready), versions before 2024-10-09.