DirectorySecurity Advisories
Sign In
Security Advisories

CGA-8qmm-6vmh-mj3g

Published

Last updated

https://images.chainguard.dev/security/CGA-8qmm-6vmh-mj3g
Package

go-fips-1.20

Latest Update
Not affected
Aliases
  • CVE-2020-29509
  • GHSA-xhqq-x44f-9fgg

Severity

9.8

Critical

CVSS V3

Summary

Authentication Bypass in github.com/russellhaering/gosaml2

Description

Impact

Given a valid SAML Response, it may be possible for an attacker to mutate the XML document in such a way that gosaml2 will trust a different portion of the document than was signed.

Depending on the implementation of the Service Provider this enables a variety of attacks, including users accessing accounts other than the one to which they authenticated in the Identity Provider, or full authentication bypass.

Patches

Service Providers utilizing gosaml2 should upgrade to v0.6.0 or greater.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation