Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubexploit44B92078-AA38-54DE-868C-A87FB237583A
HistoryOct 31, 2022 - 1:24 p.m.

Exploit for Improper Verification of Cryptographic Signature in Passport-Saml Project Passport-Saml

2022-10-3113:24:34
409
passport-saml
saml sso
cve-2022-39299
multi-tenant apps
authentication bypass
xml signature
remote attacker
doyensec
proof of concept
poc generator
validatepostresponse function
passport-saml-2.0.0
xml parser
xpath
authentication logic

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

JSON

Exploiting CVE-2022-39299

Signature bypass via multiple ro…

This is an article that belongs to githubexploit private collection.
Please sign in to get more Information.

Related

osv 4
prion 2
ibm 1
nvd 2
cve 2
github 2
veracode 1
cvelist 2
ubuntucve 1
debiancve 1
redhatcve 1
openvas 1
nessus 2
debian 1
osv
osv
CVE-2022-39299
2022-10-12 21:15:09
Signature bypass via multiple root elements
2022-10-12 22:05:41
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
prion
prion
Authentication flaw
2022-10-12 21:15:00
Design/Logic Flaw
2022-11-02 17:15:00
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )
2024-08-08 14:33:56
nvd
nvd
CVE-2022-39299
2022-10-12 21:15:09
CVE-2022-39353
2022-11-02 17:15:17
cve
cve
CVE-2022-39299
2022-10-12 21:15:09
CVE-2022-39353
2022-11-02 17:15:17
github
github
Signature bypass via multiple root elements
2022-10-12 22:05:41
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
veracode
veracode
Improper Verification Of Cryptographic Signature
2022-10-14 11:00:44
cvelist
cvelist
CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML
2022-10-12 00:00:00
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
2022-11-02 00:00:00
ubuntucve
ubuntucve
CVE-2022-39353
2022-11-02 00:00:00
debiancve
debiancve
CVE-2022-39353
2022-11-02 17:15:17
redhatcve
redhatcve
CVE-2022-39353
2022-11-14 03:56:39
openvas
openvas
Debian: Security Advisory (DLA-3260-1)
2023-01-02 00:00:00
nessus
nessus
Debian DLA-3260-1 : node-xmldom - LTS security update
2023-01-07 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
2023-05-24 00:00:00
debian
debian
[SECURITY] [DLA 3260-1] node-xmldom security update
2023-01-01 17:00:48

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

83.1%

JSON
Related for 44B92078-AA38-54DE-868C-A87FB237583A
osv4prion2ibm1nvd2cve2github2veracode1cvelist2ubuntucve1debiancve1redhatcve1openvas1nessus2debian1