The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures).
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Opensaml | Ubuntu | esm-apps/focal | * |
Opensaml | Ubuntu | esm-apps/jammy | * |
Opensaml | Ubuntu | esm-apps/noble | * |
Opensaml | Ubuntu | focal | * |
Opensaml | Ubuntu | jammy | * |
Opensaml | Ubuntu | noble | * |
Opensaml | Ubuntu | oracular | * |
Opensaml | Ubuntu | plucky | * |
Opensaml | Ubuntu | upstream | * |
Opensaml2 | Ubuntu | bionic | * |
Opensaml2 | Ubuntu | esm-apps/bionic | * |
Opensaml2 | Ubuntu | esm-apps/xenial | * |
Opensaml2 | Ubuntu | trusty | * |
Opensaml2 | Ubuntu | xenial | * |