OneLogin Ruby-SAML 1.5.0

CPE Details

OneLogin Ruby-SAML 1.5.0
onelogin
ruby-saml
1.5.0
2019-06-19
23h24 +00:00
2019-06-19
23h24 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:onelogin:ruby-saml:1.5.0:*:*:*:*:*:*:*

Informations

Vendor

onelogin

Product

ruby-saml

Version

1.5.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-45409 2024-09-10 18h50 +00:00 The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.
10
Critique
CVE-2017-11428 2019-04-17 11h59 +00:00 OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
9.8
Critique