
=====================================================================

                                 CERT-Renater

                      Information Note No. 2022/VULN382

_____________________________________________________________________

DATE                : 14/10/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running node-saml (npm) versions prior
                                   to 4.0.0-beta.5.

=====================================================================
https://github.com/node-saml/node-saml/security/advisories/GHSA-5p8w-2mvw-38pv
_____________________________________________________________________


Signature bypass via multiple root elements
Severity: High. cjbarth published GHSA-5p8w-2mvw-38pv


Package
  node-saml (npm)

Affected versions
<4.0.0-beta.5

Patched versions
4.0.0-beta.5

Description

Impact
A remote attacker may be able to bypass SAML authentication on a
website using passport-saml. A successful attack requires that the
attacker is in possession of an arbitrary IDP signed XML element.
Depending on the IDP used, fully unauthenticated attacks (e.g. without
access to a valid user) might also be feasible if generation of a
signed message can be triggered.


Patches
Users should upgrade to node-saml v4.0.0-beta.5 or newer.


Workarounds
Disable SAML authentication.



For more information
If you have any questions or comments about this advisory:

Open a discussion in the node-saml repo


Credits
Felix Wilhelm of Google Project Zero

Severity
High

CVE ID
CVE-2022-39300

Weaknesses
No CWEs


Srinivas Sista
Google Chrome

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


