Auth0

Passport-wsfed-saml2

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2025-46573

  • EPSS 0.08%
  • Veröffentlicht 06.05.2025 20:22:00
  • Zuletzt bearbeitet 07.05.2025 16:15:22

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering...

9.3

CVE-2025-46572

  • EPSS 0.08%
  • Veröffentlicht 06.05.2025 20:18:26
  • Zuletzt bearbeitet 07.05.2025 17:15:58

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting ...

7.5

CVE-2022-23505

  • EPSS 0.43%
  • Veröffentlicht 13.12.2022 08:15:09
  • Zuletzt bearbeitet 21.11.2024 06:48:42

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful att...

9.3

CVE-2017-16897

  • EPSS 0.42%
  • Veröffentlicht 27.12.2017 17:08:17
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does no...