CVE-2024-47832: SSOReady has an XML Signature Bypass via differential XML parsing
Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers.
Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. The documentation for self-hosting SSOReady is available here.
Vulnerability was discovered by @ahacker1-securesaml. It’s likely the precise mechanism of attack affects other SAML implementations, so the reporter and I (@ucarion) have agreed to not disclose it in detail publicly at this time.
References
- github.com/advisories/GHSA-j2hr-q93x-gxvh
- github.com/ssoready/ssoready
- github.com/ssoready/ssoready/commit/7f92a0630439972fcbefa8c7eafe8c144bd89915
- github.com/ssoready/ssoready/security/advisories/GHSA-j2hr-q93x-gxvh
- nvd.nist.gov/vuln/detail/CVE-2024-47832
- pkg.go.dev/vuln/GO-2024-3185
- ssoready.com/docs/self-hosting/self-hosting-sso-ready
Code Behaviors & Features
Detect and mitigate CVE-2024-47832 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →