Vulnerability-Lookup

CVE-2021-21238 (GCVE-0-2021-21238)

Vulnerability from cvelistv5 – Published: 2021-01-21 14:15 – Updated: 2024-08-03 18:09

Title

SAML XML Signature wrapping

Summary

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	IdentityPython	pysaml2	Affected: < 6.5.0

GHSA-F4G9-H89H-JGV9

Vulnerability from github – Published: 2021-01-21 14:12 – Updated: 2024-10-14 15:50

Summary

SAML XML Signature wrapping in PySAML2

Details

Impact

All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elements with a valid signature inside elements whose content has been malformed. The verification is offloaded to xmlsec1 and xmlsec1 will not validate every signature in the given document, but only the first it finds in the given scope.

Patches

Users should upgrade to pysaml2 v6.5.0.

Workarounds

No workaround provided at this point.

References

No references provided at this point.

Credits

Victor Schönfelder Garcia (isits AG International School of IT Security)
Juraj Somorovsky (Paderborn University)
Vladislav Mladenov (Ruhr University Bochum)

For more information

If you have any questions or comments about this advisory: * Open an issue in pysaml2 * Email us at the incident-response address

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pysaml2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-01-21T14:11:38Z",
    "nvd_published_at": "2021-01-21T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAll users of pysaml2 that use the default `CryptoBackendXmlSec1` backend and need to verify signed SAML documents are impacted. `pysaml2 \u003c= 6.4.1` does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting elements with a valid signature inside elements whose content has been malformed. The verification is offloaded to `xmlsec1` and `xmlsec1` will not validate every signature in the given document, but only the first it finds in the given scope.\n\n### Patches\n\nUsers should upgrade to pysaml2 `v6.5.0`.\n\n### Workarounds\n\nNo workaround provided at this point.\n\n### References\n\nNo references provided at this point.\n\n### Credits\n\n- Victor Scho\u0308nfelder Garcia (isits AG International School of IT Security)\n- Juraj Somorovsky (Paderborn University)\n- Vladislav Mladenov (Ruhr University Bochum)\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [pysaml2](https://github.com/IdentityPython/pysaml2)\n* Email us at [the incident-response address](mailto:incident-response@idpy.org)",
  "id": "GHSA-f4g9-h89h-jgv9",
  "modified": "2024-10-14T15:50:30Z",
  "published": "2021-01-21T14:12:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21238"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/IdentityPython/pysaml2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2021-48.yaml"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/pysaml2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SAML XML Signature wrapping in PySAML2"
}

FKIE_CVE-2021-21238

Vulnerability from fkie_nvd - Published: 2021-01-21 15:15 - Updated: 2024-11-21 05:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0	Third Party Advisory
security-advisories@github.com	https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9	Third Party Advisory
security-advisories@github.com	https://pypi.org/project/pysaml2	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://pypi.org/project/pysaml2	Product, Third Party Advisory

Impacted products

	Vendor	Product	Version
	pysaml2_project	pysaml2	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94B9227-93A8-4D3D-A8C3-E56F3A84F8B2",
              "versionEndExcluding": "6.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0."
    },
    {
      "lang": "es",
      "value": "PySAML2 es una implementaci\u00f3n de Python pura de SAML Versi\u00f3n 2 Est\u00e1ndar. PySAML2 versiones anteriores a 6.5.0, presenta una verificaci\u00f3n inapropiada de una vulnerabilidad de firma criptogr\u00e1fica. Todos los usuarios de pysaml2 que necesitan comprobar documentos SAML firmados est\u00e1n afectados. La vulnerabilidad es una variante del empaquetado de firma XML porque no valid\u00f3 el documento SAML con un esquema XML. Esto permiti\u00f3 que documentos XML sean procesados no v\u00e1lidos y dicho documento puede enga\u00f1ar a pysaml2 con una firma empaquetada. Esto es corregido en PySAML2 versi\u00f3n 6.5.0"
    }
  ],
  "id": "CVE-2021-21238",
  "lastModified": "2024-11-21T05:47:50.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-21T15:15:14.110",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://pypi.org/project/pysaml2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://pypi.org/project/pysaml2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2021-21238

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-21238

Aliases

CVE-2021-21238

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21238",
    "description": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.",
    "id": "GSD-2021-21238",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-21238.html",
      "https://security.archlinux.org/CVE-2021-21238"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21238"
      ],
      "details": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.",
      "id": "GSD-2021-21238",
      "modified": "2023-12-13T01:23:10.876543Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-21238",
        "STATE": "PUBLIC",
        "TITLE": "SAML XML Signature wrapping"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "pysaml2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 6.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IdentityPython"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-347 Improper Verification of Cryptographic Signature"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://pypi.org/project/pysaml2",
            "refsource": "MISC",
            "url": "https://pypi.org/project/pysaml2"
          },
          {
            "name": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0",
            "refsource": "MISC",
            "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
          },
          {
            "name": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9",
            "refsource": "CONFIRM",
            "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"
          },
          {
            "name": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14",
            "refsource": "MISC",
            "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-f4g9-h89h-jgv9",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c6.5.0",
          "affected_versions": "All versions before 6.5.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-347",
            "CWE-937"
          ],
          "date": "2021-01-29",
          "description": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 ",
          "fixed_versions": [
            "6.5.0"
          ],
          "identifier": "CVE-2021-21238",
          "identifiers": [
            "CVE-2021-21238",
            "GHSA-f4g9-h89h-jgv9"
          ],
          "not_impacted": "All versions starting from 6.5.0",
          "package_slug": "pypi/pysaml2",
          "pubdate": "2021-01-21",
          "solution": "Upgrade to version 6.5.0 or above.",
          "title": "Improper Verification of Cryptographic Signature",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-21238"
          ],
          "uuid": "953fd629-865b-4af3-ac39-ab0c2d588a77"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21238"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pypi.org/project/pysaml2",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://pypi.org/project/pysaml2"
            },
            {
              "name": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
            },
            {
              "name": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"
            },
            {
              "name": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-01-29T17:58Z",
      "publishedDate": "2021-01-21T15:15Z"
    }
  }
}

PYSEC-2021-48

Vulnerability from pysec - Published: 2021-01-21 15:15 - Updated: 2021-01-29 17:58

Details

Impacted products

Name	purl
pysaml2	pkg:pypi/pysaml2

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pysaml2",
        "purl": "pkg:pypi/pysaml2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1d8fd268f5bf887480a403a7a5ef8f048157cc14"
            }
          ],
          "repo": "https://github.com/IdentityPython/pysaml2",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.4.3",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.1.0",
        "2.0.0",
        "2.1.0",
        "2.2.0",
        "2.3.0",
        "2.4.0",
        "3.0.0",
        "3.0.2",
        "4.0.0",
        "4.0.1",
        "4.0.2",
        "4.0.3",
        "4.0.4",
        "4.0.5rc1",
        "4.0.5",
        "4.1.0",
        "4.2.0",
        "4.3.0",
        "4.4.0",
        "4.5.0",
        "4.6.0",
        "4.6.1",
        "4.6.2",
        "4.6.3",
        "4.6.4",
        "4.6.5",
        "4.7.0",
        "4.8.0",
        "4.9.0",
        "5.0.0",
        "5.1.0",
        "5.2.0",
        "5.3.0",
        "5.4.0",
        "6.0.0",
        "6.1.0",
        "6.2.0",
        "6.3.0",
        "6.3.1",
        "6.4.0",
        "6.4.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21238",
    "GHSA-f4g9-h89h-jgv9"
  ],
  "details": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.",
  "id": "PYSEC-2021-48",
  "modified": "2021-01-29T17:58:00Z",
  "published": "2021-01-21T15:15:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://pypi.org/project/pysaml2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"
    },
    {
      "type": "FIX",
      "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"
    }
  ]
}

CVE-2021-21238

Vulnerability from fstec - Published: 21.01.2021

Title

Уязвимость библиотеки для обмена идентификационными данными по стандарту SAML2 PySAML2, связанная с неправильной проверкой криптографической подписи, позволяющая нарушителю обойти проверку подписи и получить доступ к защищаемой информации

Description

Уязвимость библиотеки для обмена идентификационными данными по стандарту SAML2 PySAML2 связана с вариантом упаковки XML-подписи, поскольку она не проверяет документ SAML на соответствие схеме XML. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти проверку подписи и получить доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Vendor

ООО «Ред Софт», The IdentityPython project

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), PySAML2

Software Version

7.3 (РЕД ОС), до 6.5.0 (PySAML2)

Possible Mitigations

Для pysaml2: https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14 https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14 https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 https://redos.red-soft.ru/support/secure/

CWE

CWE-347

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, The IdentityPython project",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 6.5.0 (PySAML2)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f pysaml2:\nhttps://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14\nhttps://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 \nhttps://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.04.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02841",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-21238",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), PySAML2",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0443 SAML2 PySAML2, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 (CWE-347)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043e\u0431\u043c\u0435\u043d\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u043f\u043e \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u0443 SAML2 PySAML2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u043e\u043c \u0443\u043f\u0430\u043a\u043e\u0432\u043a\u0438 XML-\u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d\u0430 \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 SAML \u043d\u0430 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u0441\u0445\u0435\u043c\u0435 XML. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14\nhttps://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0\nhttps://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9\nhttps://redos.red-soft.ru/support/secure/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-347",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21238 (GCVE-0-2021-21238)

GHSA-F4G9-H89H-JGV9

Impact

Patches

Workarounds

References

Credits

For more information

FKIE_CVE-2021-21238

GSD-2021-21238

PYSEC-2021-48

CVE-2021-21238

Tags

Sightings

Nomenclature