CVE-2019-3465

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3465
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3465.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-3465
Aliases
Downstream
Published
2019-11-07T20:15:11Z
Modified
2025-10-25T12:06:53.907474Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.

References

Affected packages

Git / github.com/cesnet/proxystatistics-simplesamlphp-module

Affected ranges

Type
GIT
Repo
https://github.com/cesnet/proxystatistics-simplesamlphp-module
Events
Introduced
9483bc565221fa8856bdcb80787750641f511bbd

Affected versions

v2.*

v2.0.0

Git / github.com/cesnet/proxystatistics-simplesamlphp-module

Affected ranges

Type
GIT
Repo
https://github.com/robrichards/xmlseclibs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0a53d3c3aa87564910cae4ed01416441d3ae0db5

Affected versions

1.*

1.3.2
1.4.0

2.*

2.0.0
2.0.1

3.*

3.0.0
3.0.1
3.0.2
3.0.3

Git / github.com/cesnet/proxystatistics-simplesamlphp-module

Affected ranges

Type
GIT
Repo
https://github.com/simplesamlphp/simplesamlphp
Events
Introduced
3fad70092c503d0ef02fe395ef24ab5d5d836f51

Affected versions

v2.*

v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.0-rc1
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.3.0
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0-rc1
v2.5.0-rc2