EIQ-2020-0003
| ID | EIQ-2020-0003 | 
|---|---|
| CVE | |
| Description | PySAML2 before 5.0.0 is vulnerable to XML Signature Wrapping (XSW). | 
| Date | 03 Feb 2020 | 
| Severity | 3 - HIGH | 
| CVSSv3 score | 7.5 | 
| Status | ✅ 2.7.0 | 
| Assessment | A SAML document can consist of several elements that can be linked together. It is possible to create a document where data inside the signed element of a document refers to information inside the same document but outside the signed element. This specifically affects the verification of signed security-token assertions. | 
| Mitigation | Upgrade to EclecticIQ Platform 2.7.0 or later. | 
| Affected versions | 2.6.0 and earlier. | 
| Notes | For more information, see |
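
The condition described in the Assessment can be rejected structurally before a signature is trusted. The following is an added example, not EclecticIQ's or PySAML2's code: it checks that the assertion about to be consumed carries its own enveloped signature, that the signature's single Reference points at that assertion's ID, and that the ID is unique in the document. The helper names and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signature_is_enveloped(assertion, root):
    """Structural pre-check only; the signature value must still be verified."""
    sig = assertion.find("ds:Signature", NS)        # direct child, not a descendant
    if sig is None:
        return False, "assertion has no enveloped signature"
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return False, "expected exactly one ds:Reference"
    aid = assertion.get("ID")
    if not aid or refs[0].get("URI") != "#" + aid:
        return False, "signature references a different element"
    if sum(1 for e in root.iter() if e.get("ID") == aid) != 1:
        return False, "ID is not unique in the document"
    return True, "ok"

def check(xml_text):
    # Real input is untrusted: parse it with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)     # the assertion a consumer would read
    if assertion is None:
        return False, "no assertion"
    return signature_is_enveloped(assertion, root)

# Constructed samples: structure only, no real keys or signature values.
_HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="r1">')
_SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#a1"/>'
        '</ds:SignedInfo></ds:Signature>')
GOOD = _HEAD + '<saml:Assertion ID="a1">' + _SIG + '</saml:Assertion></samlp:Response>'
# The assertion read first is "a2", but its signature points at "a1" elsewhere.
MISMATCH = (_HEAD + '<saml:Assertion ID="a2">' + _SIG + '</saml:Assertion>'
            '<saml:Assertion ID="a1"/></samlp:Response>')
# Two elements share the ID the signature refers to.
DUPLICATE = (_HEAD + '<saml:Assertion ID="a1">' + _SIG + '</saml:Assertion>'
             '<saml:Assertion ID="a1"/></samlp:Response>')

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("MISMATCH", MISMATCH), ("DUPLICATE", DUPLICATE)):
        print(name, check(doc))
```

A check like this complements the upgrade listed under Mitigation; it does not replace it.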