CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.0%
com.linecorp.armeria: armeria-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper filtering of SAML messages, allowing attackers to craft malicious messages to bypass authentication functionality.
armeria.dev/release-notes/1.27.2/
github.com/advisories/GHSA-4m6j-23p2-8c54
github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163
github.com/line/armeria/commit/b2aa9f49b46a7b0e03d8b8d753809cd1e8e2016c
github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54