CVE-2019-3465

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3465

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3465.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-3465

Aliases

GHSA-pqm6-cgwr-x6pf

Related

Published

2019-11-07T20:15:11Z

Modified

2024-10-12T05:12:20.093739Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.

References

Affected packages

Debian:11 / simplesamlphp

Package

Name: simplesamlphp
Purl: pkg:deb/debian/simplesamlphp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.6-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / simplesamlphp

Package

Name: simplesamlphp
Purl: pkg:deb/debian/simplesamlphp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.6-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / simplesamlphp

Package

Name: simplesamlphp
Purl: pkg:deb/debian/simplesamlphp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.6-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/cesnet/proxystatistics-simplesamlphp-module

Affected ranges

Type: GIT
Repo: https://github.com/cesnet/proxystatistics-simplesamlphp-module
Events: Introduced

9483bc565221fa8856bdcb80787750641f511bbd

Last affected

2304b5a8d449507d48fb1db335b7d55a1338afa0

Type: GIT
Repo: https://github.com/robrichards/xmlseclibs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0a53d3c3aa87564910cae4ed01416441d3ae0db5

Type: GIT
Repo: https://github.com/simplesamlphp/simplesamlphp
Events: Introduced

3fad70092c503d0ef02fe395ef24ab5d5d836f51

Last affected

567e3350ae4a363305187984217381a65d57bdb3

Affected versions

1.*

1.3.2

1.4.0

2.*

2.0.0

2.0.1

3.*

3.0.0

3.0.1

3.0.2

3.0.3

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.1.0

v2.1.0-rc1