UBUNTU-CVE-2022-41912

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-41912

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-41912.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-41912

Related

CVE-2022-41912

Published

2022-11-28T15:15:00Z

Modified

2025-01-13T10:23:32Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version.

References

Affected packages

Ubuntu:22.04:LTS / golang-github-crewjam-saml

Package

Name: golang-github-crewjam-saml
Purl: pkg:deb/ubuntu/golang-github-crewjam-saml@0.4.6-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.5+git20201228.07f15a6-2

0.4.6-1

0.4.6-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / golang-github-crewjam-saml

Package

Name: golang-github-crewjam-saml
Purl: pkg:deb/ubuntu/golang-github-crewjam-saml@0.4.12-2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.12-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-github-crewjam-saml

Package

Name: golang-github-crewjam-saml
Purl: pkg:deb/ubuntu/golang-github-crewjam-saml@0.4.12-2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.12-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}