Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2022-39300

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround.

Published: Oct 14, 2022
Updated: May 9, 2024
CVE: CVE-2022-39300
GHSA: GHSA-5p8w-2mvw-38pv
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-347

Affected Software
References

Software	From	Fixed in
node_saml_project / node_saml	4.0.0-beta1	4.0.0-beta1.x
node_saml_project / node_saml	4.0.0-beta2	4.0.0-beta2.x
node_saml_project / node_saml	4.0.0-beta0	4.0.0-beta0.x
node_saml_project / node_saml	4.0.0-beta3	4.0.0-beta3.x
node_saml_project / node_saml	4.0.0-beta4	4.0.0-beta4.x
node_saml_project / node_saml	-	4.0.0
node-saml	-	4.0.0-beta.5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo