Description

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-10-09T18:32:19.800Z

Last Modified :

2024-10-11T16:58:48.177Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47832 vulnerability.

Vendors Products
Ssoready
  • Ssoready
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47832.

URL Resource
https://github.com/ssoready/ssoready/commit/7f92a0630439972fcbefa8c7eafe8c144bd89915 cve-icon cve-icon
https://github.com/ssoready/ssoready/security/advisories/GHSA-j2hr-q93x-gxvh cve-icon cve-icon
https://ssoready.com/docs/self-hosting/self-hosting-sso-ready cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability