Description
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2017-16897
Related Vulnerabilities
CVE-2023-22832 Vulnerability in maven package org.apache.nifi:nifi-ccda-processors
CVE-2020-10705 Vulnerability in maven package io.undertow:undertow-core
CVE-2023-31058 Vulnerability in maven package org.apache.inlong:manager-common
CVE-2022-36921 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq