Vulnerabilities related to node_saml_project - node_saml
CVE-2023-40178 (GCVE-0-2023-40178)
Vulnerability from cvelistv5
Published
2023-08-23 20:15
Modified
2024-10-02 18:56
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Summary
Node-SAML is a framework-independent SAML library that runs in Node. Because the current timestamp is not checked, a LogoutRequest XML can be reused multiple times even when the current time is past its NotOnOrAfter value. A user could therefore be logged out by an expired LogoutRequest. In larger deployments, if LogoutRequests are sent en masse to different SPs, this could affect a large number of users. This issue was patched in version 4.0.5.
Impacted products
Vendor Product Version
node-saml node-saml Version: < 4.0.5


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw"
          },
          {
            "name": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec"
          },
          {
            "name": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:node-saml:node-saml:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "node-saml",
            "vendor": "node-saml",
            "versions": [
              {
                "lessThan": "4.0.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40178",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T18:49:43.816412Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T18:56:08.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-saml",
          "vendor": "node-saml",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-23T20:15:23.057Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw"
        },
        {
          "name": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec"
        },
        {
          "name": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5"
        }
      ],
      "source": {
        "advisory": "GHSA-vx8m-6fhw-pccw",
        "discovery": "UNKNOWN"
      },
      "title": "@node-saml/node-saml\u0027s validatePostRequestAsync does not include checkTimestampsValidityError"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-40178",
    "datePublished": "2023-08-23T20:15:23.057Z",
    "dateReserved": "2023-08-09T15:26:41.052Z",
    "dateUpdated": "2024-10-02T18:56:08.820Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39300 (GCVE-0-2022-39300)
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2025-04-23 16:50
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Summary
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker possess an arbitrary IDP-signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g., without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta.5 or newer. Disabling SAML authentication may be done as a workaround.
Impacted products
Vendor Product Version
node-saml node-saml Version: < 4.0.0-beta.5


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:43.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39300",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:47:51.450082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:50:20.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-saml",
          "vendor": "node-saml",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.0.0-beta.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-13T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv"
        },
        {
          "url": "https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe"
        }
      ],
      "source": {
        "advisory": "GHSA-5p8w-2mvw-38pv",
        "discovery": "UNKNOWN"
      },
      "title": "Signature bypass via multiple root elements in node-SAML"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39300",
    "datePublished": "2022-10-13T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:50:20.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2022-10-13 22:15
Modified
2024-11-21 07:17
Summary
node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker possess an arbitrary IDP-signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g., without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta.5 or newer. Disabling SAML authentication may be done as a workaround.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:node_saml_project:node_saml:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "8ED97285-B7FC-4998-83F1-6F1F3B7D815D",
              "versionEndExcluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:node_saml_project:node_saml:4.0.0:beta0:*:*:*:node.js:*:*",
              "matchCriteriaId": "377E404E-64E0-4866-A7D3-7A9FFFCF5C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:node_saml_project:node_saml:4.0.0:beta1:*:*:*:node.js:*:*",
              "matchCriteriaId": "763349AA-60D1-4670-90F6-2175053A0258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:node_saml_project:node_saml:4.0.0:beta2:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC48DA5E-5FE9-4281-927E-CC6D5E6E1AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:node_saml_project:node_saml:4.0.0:beta3:*:*:*:node.js:*:*",
              "matchCriteriaId": "DCBFE400-E3A3-489F-8A77-7416B3B018A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:node_saml_project:node_saml:4.0.0:beta4:*:*:*:node.js:*:*",
              "matchCriteriaId": "EA9A3CB3-780A-40CC-B1F6-DB42ACEC88B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround."
    },
    {
      "lang": "es",
      "value": "node SAML es una biblioteca SAML versi\u00f3n 2.0 basada en la implementaci\u00f3n SAML de passport-saml. Un atacante remoto puede ser capaz de omitir la autenticaci\u00f3n SAML en un sitio web usando passport-saml. Un ataque con \u00e9xito requiere que el atacante est\u00e9 en posesi\u00f3n de un elemento XML firmado por un IDP arbitrario. Dependiendo del IDP usado, los ataques sin autenticaci\u00f3n (por ejemplo, sin acceso a un usuario v\u00e1lido) tambi\u00e9n podr\u00edan ser factibles si puede desencadenarse la generaci\u00f3n de un mensaje firmado. Los usuarios deben actualizar a versi\u00f3n 4.0.0-beta5 de node-saml o m\u00e1s reciente. Puede deshabilitarse la autenticaci\u00f3n SAML como mitigaci\u00f3n"
    }
  ],
  "id": "CVE-2022-39300",
  "lastModified": "2024-11-21T07:17:59.237",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-13T22:15:10.300",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/node-saml/node-saml/commit/c1f275c289c01921e58f5c70ce0fdbc5287e5fbe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-08-23 21:15
Modified
2024-11-21 08:18
Summary
Node-SAML is a framework-independent SAML library that runs in Node. Because the current timestamp is not checked, a LogoutRequest XML can be reused multiple times even when the current time is past its NotOnOrAfter value. A user could therefore be logged out by an expired LogoutRequest. In larger deployments, if LogoutRequests are sent en masse to different SPs, this could affect a large number of users. This issue was patched in version 4.0.5.
Impacted products
Vendor Product Version
node_saml_project node_saml *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:node_saml_project:node_saml:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "202E9402-BCE3-4607-A634-281E691142DC",
              "versionEndExcluding": "4.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5.\n"
    },
    {
      "lang": "es",
      "value": "Node-SAML es una librer\u00eda SAML que no depende de ning\u00fan framework que se ejecute en Node. La falta de comprobaci\u00f3n de la marca de tiempo actual permite que un LogoutRequest XML se reutilice varias veces incluso cuando el tiempo actual ha pasado el NotOnOrAfter. Esto podr\u00eda afectar al usuario, que podr\u00eda cerrar la sesi\u00f3n con un LogoutRequest caducado. En contextos m\u00e1s grandes, si los LogoutRequests son enviados en masa a diferentes SPs, esto podr\u00eda afectar a muchos usuarios a gran escala. Este problema fue corregido en la versi\u00f3n 4.0.5."
    }
  ],
  "id": "CVE-2023-40178",
  "lastModified": "2024-11-21T08:18:56.333",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-23T21:15:08.877",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/node-saml/node-saml/commit/045e3b9c54211fdb95f96edf363679845b195cec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/node-saml/node-saml/releases/tag/v4.0.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-vx8m-6fhw-pccw"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}