Add CVE-2017-11428 for ruby-saml (rubysec#329)

ghiculescu · Feb 27, 2018 · 5fa3cc2 · 5fa3cc2
1 parent 4e52574
commit 5fa3cc2
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/gems/ruby-saml/CVE-2017-11428.yml b/gems/ruby-saml/CVE-2017-11428.yml
@@ -0,0 +1,27 @@
+---
+gem: ruby-saml
+cve: 2017-11428
+url: https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
+title: Authentication bypass via incorrect XML canonicalization and DOM traversal
+date: 2018-02-27
+description: |
+  ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect
+  XML canonicalization and DOM traversal. Specifically, there are inconsistencies in
+  handling of comments within XML nodes, resulting in incorrect parsing of the inner text
+  of XML nodes such that any inner text after the comment is lost prior to
+  cryptographically signing the SAML message. Text after the comment therefore has no
+  impact on the signature on the SAML message.
+
+  A remote attacker can modify SAML content for a SAML service provider without
+  invalidating the cryptographic signature, which may allow attackers to bypass
+  primary authentication for the affected SAML service provider.
+
+cvss_v2: 6.3
+
+patched_versions:
+  - ">= 1.7.0"
+
+related:
+  url:
+    - https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+    - https://www.kb.cert.org/vuls/id/475445