Sha256: 42669abd716c99c455f044247c940e22eb923c9600255336e4dcdc4228ef6baf

Contents?: true

Size: 1.12 KB

Versions: 3

Compression:

Stored size: 1.12 KB

Contents

---
gem: ruby-saml
cve: 2017-11428
url: https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
title: Authentication bypass via incorrect XML canonicalization and DOM traversal
date: 2018-02-27
description: |
  ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect
  XML canonicalization and DOM traversal. Specifically, there are inconsistencies in
  handling of comments within XML nodes, resulting in incorrect parsing of the inner text
  of XML nodes such that any inner text after the comment is lost prior to
  cryptographically signing the SAML message. Text after the comment therefore has no
  impact on the signature on the SAML message.

  A remote attacker can modify SAML content for a SAML service provider without
  invalidating the cryptographic signature, which may allow attackers to bypass
  primary authentication for the affected SAML service provider.

cvss_v2: 6.3

patched_versions:
  - ">= 1.7.0"

related:
  url:
    - https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
    - https://www.kb.cert.org/vuls/id/475445

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/ruby-saml/CVE-2017-11428.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/ruby-saml/CVE-2017-11428.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/ruby-saml/CVE-2017-11428.yml