First published: Mon Nov 28 2022
An authentication bypass flaw was discovered in the crewjam/saml Go package. A remote, unauthenticated attacker could trigger it by sending a SAML request. This would allow privilege escalation and, in turn, compromise of system integrity.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Saml Project Saml | <0.4.9 | |
| redhat/crewjam/saml | <0.4.9 | 0.4.9 |
CVE-2022-41912 is an authentication bypass flaw in the crewjam/saml Go package.
CVE-2022-41912 has a severity rating of 9.1 (critical).
CVE-2022-41912 affects the crewjam/saml Go library prior to version 0.4.9.
To fix CVE-2022-41912, upgrade to version 0.4.9 of the crewjam/saml Go library.
There are no workarounds for CVE-2022-41912 other than upgrading to version 0.4.9.