Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements
Vulnerability Description
The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
SAML 授权问题漏洞
Vulnerability Description
SAML是Ross Kinder个人开发者的一个包含了 golang 中 saml 标准的部分实现的库。即允许第三方对您的用户进行身份验证,或允许第三者依靠我们对其用户进行身份认证。 SAML 0.4.9之前版本存在授权问题漏洞,该漏洞源于缺乏身份验证。
CVSS Information
N/A
Vulnerability Type
N/A