An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-22T20:48:23
Updated: 2024-08-04T12:18:17.852Z
Reserved: 2020-05-22T00:00:00
Link: CVE-2020-13415
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-05-22T21:15:12.817
Modified: 2020-05-26T19:55:30.020
Link: CVE-2020-13415
Redhat
No data.