admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-03 19:00:51 +00:00
parent 4b3ba3eaf9
commit 37065713b6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
2022/26xxx/CVE-2022-26493.json
View File

@ -91,7 +91,7 @@
"description_data": [
{
"lang": "eng",
"value": "Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9."
"value": "Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9."
}
]
},
@ -129,8 +129,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html"
"refsource": "MISC",
"url": "https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html",
"name": "https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html"
}
]
},
@ -143,4 +144,4 @@
"source": {
"discovery": "INTERNAL"
}
}
}