CVE-2022-26493 miniOrange SAML Authentication Bypass

Source: drupal (www.cve.org)
Published: 2022-06-03 16:00:14

Tags: cve-2022-26493, miniorange saml, authentication bypass, xecurify drupal saml sp, vulnerability, drupal 7, drupal 8, drupal 9

CVSS3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

AI Score: 9.8 (Confidence: High)
EPSS: 0.001 (Percentile: 42.8%)

Xecurify’s miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to an HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature, impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9.
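The failure described above is a service provider that keeps trusting an Assertion after its ds:Signature element has been removed. The structural check a SAML SP must make before any cryptographic verification is shown below as an added example; it is not code from the miniOrange module or from Xecurify. The function name assertion_signature_present and the three sample Responses are constructed for this illustration (digest and signature values are placeholders), and the check deliberately stops at "is there a signature, and does it reference this Assertion": the actual XML-DSig verification against the IdP certificate still has to be done by a proper XML-DSig library afterwards.

```python
"""
Added example: refuse to trust a SAML Response whose Assertion carries no
XML Signature, or whose Signature does not reference that Assertion.
This is the precondition check only; cryptographic verification of the
signature against the IdP certificate must follow and is not shown here.
"""
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 protocol, assertion, and XML-DSig elements.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def assertion_signature_present(response_xml: str) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only when the single Assertion in the
    Response has a ds:Signature whose Reference URI points at that Assertion."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return False, "not a samlp:Response"

    # Exactly one Assertion: ambiguity about which one is signed is itself a reason to reject.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, f"expected exactly one Assertion, found {len(assertions)}"
    assertion = assertions[0]

    # The check the vulnerable flow skipped: a missing signature must be fatal,
    # regardless of whether "enforce signatures" is configured.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        return False, "Assertion has no ds:Signature; refusing to trust it"

    # The signature must cover this Assertion, not some other element.
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        return False, "Signature has no SignedInfo/Reference"
    uri = ref.get("URI", "")
    if uri != "#" + assertion.get("ID", ""):
        return False, f"Signature Reference {uri!r} does not point at this Assertion"

    return True, "Assertion carries a Signature referencing itself; proceed to XML-DSig verification"


# Constructed sample inputs (placeholder digest/signature values, not real signatures).
_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">')

SIGNED_RESPONSE = _HEAD + """
  <saml:Assertion ID="_assert1">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#_assert1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Same Assertion with the ds:Signature element absent: must be rejected.
UNSIGNED_RESPONSE = _HEAD + """
  <saml:Assertion ID="_assert1">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Signature present but referencing a different element ID: must also be rejected.
WRONG_REF_RESPONSE = SIGNED_RESPONSE.replace('URI="#_assert1"', 'URI="#_other"')


if __name__ == "__main__":
    for name, doc in (("signed", SIGNED_RESPONSE),
                      ("unsigned", UNSIGNED_RESPONSE),
                      ("wrong-ref", WRONG_REF_RESPONSE)):
        ok, reason = assertion_signature_present(doc)
        print(f"{name:10s} ok={ok} reason={reason}")
```

The point of the third sample is that "a ds:Signature element exists somewhere" is not the same as "this Assertion is signed"; the Reference URI must name the Assertion ID, and the subsequent cryptographic verification must be performed over exactly that element. Running the block prints one line per sample; only the fully signed Response passes the precondition.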

CNA Affected

[
  {
    "product": "Drupal 8 miniOrange SAML SP",
    "vendor": "Xecuify",
    "versions": [
      {
        "lessThan": "30.5",
        "status": "affected",
        "version": "miniOrange Premium",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3",
        "status": "affected",
        "version": "miniOrange Standard",
        "versionType": "custom"
      },
      {
        "lessThan": "40.4",
        "status": "affected",
        "version": "miniOrange Enterprise",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Drupal 9 miniOrange SAML SP",
    "vendor": "Xecuify",
    "versions": [
      {
        "lessThan": "30.5",
        "status": "affected",
        "version": "miniOrange Premium",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3",
        "status": "affected",
        "version": "miniOrange Standard",
        "versionType": "custom"
      },
      {
        "lessThan": "40.4",
        "status": "affected",
        "version": "miniOrange Enterprise",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Drupal 7 miniOrange SAML SP",
    "vendor": "Xecuify",
    "versions": [
      {
        "lessThan": "30.2",
        "status": "affected",
        "version": "miniOrange Premium",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2",
        "status": "affected",
        "version": "miniOrange Standard",
        "versionType": "custom"
      },
      {
        "lessThan": "40.2",
        "status": "affected",
        "version": "miniOrange Enterprise",
        "versionType": "custom"
      }
    ]
  }
]
