The vulnerability is a SAML authentication bypass caused by an XML Signature Wrapping (XSW) flaw. The node-saml library checked that the SAML response carried a valid cryptographic signature, but it did not ensure that the assertion it went on to process was the one the signature actually covered. The core of the issue lies in SAML.validatePostResponseAsync, which called validateSignature and, on a true result, extracted the assertion from the full, untrusted XML document rather than from the signed content. An attacker could therefore place a validly signed assertion alongside a malicious, unsigned one in the same response: the signature check passed because of the former, and SAML.processValidlySignedAssertionAsync then parsed the latter, yielding an authentication bypass. The fix deprecated the boolean validateSignature function and introduced getVerifiedXml, which returns the signed content itself, so the application only ever processes data that has been cryptographically verified. This closes the XSW attack vector.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| node-saml | npm | <= 3.1.2 | |
| @node-saml/node-saml | npm | <= 5.0.1 | 5.1.0 |