{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48703", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-17T19:43:37.554Z", "datePublished": "2024-03-06T19:18:39.542Z", "dateUpdated": "2024-08-02T21:37:54.599Z"}, "containers": {"cna": {"title": "SAML authentication bypass vulnerability in RobotsAndPencils/go-saml", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/"}], "affected": [{"vendor": "RobotsAndPencils", "product": "go-saml", "versions": [{"version": "<= 0.0.0-20230606195814-29020529affc", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T19:18:39.542Z"}, "descriptions": [{"lang": "en", "value": "RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without defining the enabled key data, the origin of the public key for the signature verification is, unfortunately, not restricted. That means an attacker can sign the SAML assertions themselves and provide the required public key (e.g. an RSA key) directly embedded in the SAML token. Projects still using RobotsAndPencils/go-saml should move to another SAML library or alternatively remove support for SAML from their projects. The vulnerability can likely temporarily be fixed by forking the go-saml project and adding the command line argument `--enabled-key-data` and specifying a value such as `x509` or `raw-x509-cert` when calling the `xmlsec1` binary in the verify function. Please note that this workaround must be carefully tested before it can be used."}], "source": {"advisory": "GHSA-6h53-q94j-348w", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "robotsandpencils", "product": "go-saml", "cpes": ["cpe:2.3:a:robotsandpencils:go-saml:-:*:*:*:*:go:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.0.0-20230606195814-29020529affc", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-07T15:56:18.845271Z", "id": "CVE-2023-48703", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T16:28:59.473Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:37:54.599Z"}, "title": "CVE Program Container", "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/", "name": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:37:54.599Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-07T15:56:18.845271Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:robotsandpencils:go-saml:-:*:*:*:*:go:*:*"], "vendor": "robotsandpencils", "product": "go-saml", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0.0.0-20230606195814-29020529affc"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T16:28:51.923Z"}}], "cna": {"title": "SAML authentication bypass vulnerability in RobotsAndPencils/go-saml", "source": {"advisory": "GHSA-6h53-q94j-348w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "RobotsAndPencils", "product": "go-saml", "versions": [{"status": "affected", "version": "<= 0.0.0-20230606195814-29020529affc"}]}], "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/", "name": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without defining the enabled key data, the origin of the public key for the signature verification is, unfortunately, not restricted. That means an attacker can sign the SAML assertions themselves and provide the required public key (e.g. an RSA key) directly embedded in the SAML token. Projects still using RobotsAndPencils/go-saml should move to another SAML library or alternatively remove support for SAML from their projects. The vulnerability can likely temporarily be fixed by forking the go-saml project and adding the command line argument `--enabled-key-data` and specifying a value such as `x509` or `raw-x509-cert` when calling the `xmlsec1` binary in the verify function. Please note that this workaround must be carefully tested before it can be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-06T19:18:39.542Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48703", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:37:54.599Z", "dateReserved": "2023-11-17T19:43:37.554Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-06T19:18:39.542Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without defining the enabled key data, the origin of the public key for the signature verification is, unfortunately, not restricted. That means an attacker can sign the SAML assertions themselves and provide the required public key (e.g. an RSA key) directly embedded in the SAML token. Projects still using RobotsAndPencils/go-saml should move to another SAML library or alternatively remove support for SAML from their projects. The vulnerability can likely temporarily be fixed by forking the go-saml project and adding the command line argument `--enabled-key-data` and specifying a value such as `x509` or `raw-x509-cert` when calling the `xmlsec1` binary in the verify function. Please note that this workaround must be carefully tested before it can be used."}, {"lang": "es", "value": "RobotsAndPencils go-saml, una librer\u00eda cliente SAML escrita en Go, contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en todas las versiones conocidas. Esto se debe a c\u00f3mo se llama internamente a la herramienta de l\u00ednea de comando `xmlsec1` para verificar la firma de las aserciones SAML. Cuando se utiliza `xmlsec1` sin definir los datos de la clave habilitada, desafortunadamente el origen de la clave p\u00fablica para la verificaci\u00f3n de la firma no est\u00e1 restringido. Eso significa que un atacante puede firmar las afirmaciones SAML por s\u00ed mismo y proporcionar la clave p\u00fablica requerida (por ejemplo, una clave RSA) directamente integrada en el token SAML. Los proyectos que todav\u00eda usan RobotsAndPencils/go-saml deben trasladarse a otra librer\u00eda SAML o, alternativamente, eliminar la compatibilidad con SAML de sus proyectos. Es probable que la vulnerabilidad pueda solucionarse temporalmente bifurcando el proyecto go-saml y agregando el argumento de l\u00ednea de comando `--enabled-key-data` y especificando un valor como `x509` o `raw-x509-cert` al llamar al ` xmlsec1` binario en la funci\u00f3n de verificaci\u00f3n. Tenga en cuenta que esta workaround se debe probar cuidadosamente antes de poder utilizarla."}], "id": "CVE-2023-48703", "lastModified": "2024-11-21T08:32:17.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-06T20:15:47.343", "references": [{"source": "security-advisories@github.com", "url": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://securitylab.github.com/advisories/GHSL-2023-121_go-saml__archived_/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}