
Commit f5cef3b

1 parent 35d6dfa commit f5cef3b


3 files changed

+21
-7
lines changed


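--- a/advisories/github-reviewed/2025/05/GHSA-8gqj-226h-gm8r/GHSA-8gqj-226h-gm8r.json
+++ b/advisories/github-reviewed/2025/05/GHSA-8gqj-226h-gm8r/GHSA-8gqj-226h-gm8r.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8gqj-226h-gm8r",
-"modified": "2025-05-06T21:19:22Z",
+"modified": "2025-05-06T21:43:54Z",
 "published": "2025-05-06T21:18:49Z",
 "aliases": [
 "CVE-2025-46573"
@@ -43,6 +43,10 @@
 "type": "WEB",
 "url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-8gqj-226h-gm8r"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46573"
+},
 {
 "type": "WEB",
 "url": "https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181"
@@ -54,11 +58,12 @@
 ],
 "database_specific": {
 "cwe_ids": [
+"CWE-287",
 "CWE-290"
 ],
 "severity": "CRITICAL",
 "github_reviewed": true,
 "github_reviewed_at": "2025-05-06T21:18:49Z",
-"nvd_published_at": null
+"nvd_published_at": "2025-05-06T21:16:20Z"
 }
 }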
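Review bot: The `"CWE-287"` entry added to `database_specific.cwe_ids` in the third hunk is a broad class that, as far as I know, CWE's own mapping guidance discourages for vulnerability mapping, while the `"CWE-290"` already listed is the more specific weakness. Consumers that group or triage advisories by CWE will now file this record under both, which dilutes the specific classification. If the ID is simply mirrored from the NVD record, that is worth confirming; otherwise I would keep `"cwe_ids": ["CWE-290"]`. The same addition appears next to `"CWE-347"` in the GHSA-wjmp-wphq-jvqf.json section.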

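--- a/advisories/github-reviewed/2025/05/GHSA-rwj2-w85g-5cmm/GHSA-rwj2-w85g-5cmm.json
+++ b/advisories/github-reviewed/2025/05/GHSA-rwj2-w85g-5cmm/GHSA-rwj2-w85g-5cmm.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rwj2-w85g-5cmm",
-"modified": "2025-05-06T16:45:17Z",
+"modified": "2025-05-06T21:44:02Z",
 "published": "2025-05-06T16:45:17Z",
 "aliases": [
 "CVE-2025-46816"
@@ -43,6 +43,10 @@
 "type": "WEB",
 "url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-rwj2-w85g-5cmm"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46816"
+},
 {
 "type": "WEB",
 "url": "https://github.com/patrickhener/goshs/commit/160220974576afe5111485b8d12fd36058984cfa"
@@ -60,6 +64,6 @@
 "severity": "CRITICAL",
 "github_reviewed": true,
 "github_reviewed_at": "2025-05-06T16:45:17Z",
-"nvd_published_at": null
+"nvd_published_at": "2025-05-06T19:16:00Z"
 }
 }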

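--- a/advisories/github-reviewed/2025/05/GHSA-wjmp-wphq-jvqf/GHSA-wjmp-wphq-jvqf.json
+++ b/advisories/github-reviewed/2025/05/GHSA-wjmp-wphq-jvqf/GHSA-wjmp-wphq-jvqf.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-wjmp-wphq-jvqf",
-"modified": "2025-05-06T21:19:04Z",
+"modified": "2025-05-06T21:43:47Z",
 "published": "2025-05-06T21:18:43Z",
 "aliases": [
 "CVE-2025-46572"
 ],
 "summary": "Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping",
-"details": "### Overview\nThis vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP.\n\n### Am I Affected?\nYou are affected by this SAML Signature Wrapping vulnerability if you are using `passport-wsfed-saml2` version 4.5.1 or below, specifically under the following conditions:\n1. The service provider is using `passport-wsfed-saml2`,\n2. A valid SAML document signed by the Identity Provider can be obtained.\n\n### Fix\nUpgrade to v4.6.4 or greater.",
+"details": "### Overview\nThis vulnerability allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP.\n\n### Am I Affected?\nYou are affected by this SAML Signature Wrapping vulnerability if you are using `passport-wsfed-saml2` version 4.6.3 or below, specifically under the following conditions:\n1. The service provider is using `passport-wsfed-saml2`,\n2. A valid SAML document signed by the Identity Provider can be obtained.\n\n### Fix\nUpgrade to v4.6.4 or greater.",
 "severity": [
 {
 "type": "CVSS_V4",
@@ -43,6 +43,10 @@
 "type": "WEB",
 "url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-wjmp-wphq-jvqf"
 },
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46572"
+},
 {
 "type": "WEB",
 "url": "https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181"
@@ -54,11 +58,12 @@
 ],
 "database_specific": {
 "cwe_ids": [
+"CWE-287",
 "CWE-347"
 ],
 "severity": "CRITICAL",
 "github_reviewed": true,
 "github_reviewed_at": "2025-05-06T21:18:43Z",
-"nvd_published_at": null
+"nvd_published_at": "2025-05-06T21:16:20Z"
 }
 }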
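Review bot: The corrected `details` text in the first hunk now says `version 4.6.3 or below` is affected, but the `affected` block sits between the first two hunks and is not shown, so nothing here confirms that the machine-readable range agrees with the prose. Dependency scanners match on the range events, not on `details`, so a stale upper bound there would leave 4.5.2–4.6.3 installs unflagged even though the text is now right. Please verify that the range ends with `"fixed": "4.6.4"` and has no `last_affected` that still points at 4.5.1. GHSA-8gqj-226h-gm8r references the same fix commit and its `details` is untouched in this commit, so it may deserve the same check.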
