CVE-2021-21238 - OpenCVE

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pysaml2 Project	Pysaml2

Configuration 1 [-]

cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14
https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0
https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9
https://nvd.nist.gov/vuln/detail/CVE-2021-21238
https://pypi.org/project/pysaml2
https://www.cve.org/CVERecord?id=CVE-2021-21238

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-01-21T14:15:27

Updated: 2024-08-03T18:09:15.156Z

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21238

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-21T15:15:14.110

Modified: 2021-01-29T17:58:02.147

Link: CVE-2021-21238

Redhat

Severity : Moderate

Publid Date: 2021-01-21T00:00:00Z

Links: CVE-2021-21238 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "pysaml2", "vendor": "IdentityPython", "versions": [{"status": "affected", "version": "< 6.5.0"}]}], "descriptions": [{"lang": "en", "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-21T14:15:27", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pypi.org/project/pysaml2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"}], "source": {"advisory": "GHSA-f4g9-h89h-jgv9", "discovery": "UNKNOWN"}, "title": "SAML XML Signature wrapping", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21238", "STATE": "PUBLIC", "TITLE": "SAML XML Signature wrapping"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pysaml2", "version": {"version_data": [{"version_value": "< 6.5.0"}]}}]}, "vendor_name": "IdentityPython"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347 Improper Verification of Cryptographic Signature"}]}]}, "references": {"reference_data": [{"name": "https://pypi.org/project/pysaml2", "refsource": "MISC", "url": "https://pypi.org/project/pysaml2"}, {"name": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0", "refsource": "MISC", "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"}, {"name": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9", "refsource": "CONFIRM", "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"}, {"name": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14", "refsource": "MISC", "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"}]}, "source": {"advisory": "GHSA-f4g9-h89h-jgv9", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:09:15.156Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pypi.org/project/pysaml2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21238", "datePublished": "2021-01-21T14:15:27", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "A94B9227-93A8-4D3D-A8C3-E56F3A84F8B2", "versionEndExcluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0."}, {"lang": "es", "value": "PySAML2 es una implementaci\u00f3n de Python pura de SAML Versi\u00f3n 2 Est\u00e1ndar. PySAML2 versiones anteriores a 6.5.0, presenta una verificaci\u00f3n inapropiada de una vulnerabilidad de firma criptogr\u00e1fica. Todos los usuarios de pysaml2 que necesitan comprobar documentos SAML firmados est\u00e1n afectados. La vulnerabilidad es una variante del empaquetado de firma XML porque no valid\u00f3 el documento SAML con un esquema XML. Esto permiti\u00f3 que documentos XML sean procesados no v\u00e1lidos y dicho documento puede enga\u00f1ar a pysaml2 con una firma empaquetada. Esto es corregido en PySAML2 versi\u00f3n 6.5.0"}], "id": "CVE-2021-21238", "lastModified": "2021-01-29T17:58:02.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-01-21T15:15:14.110", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9"}, {"source": "security-advisories@github.com", "tags": ["Product", "Third Party Advisory"], "url": "https://pypi.org/project/pysaml2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "python-pysaml2: processing of invalid SAML XML documents", "id": "2007591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007591"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-347", "details": ["PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.", "A verification flaw was found in python-pysaml2, where it did not validate signed SAML documents against an XML schema. Because the flaw allowed invalid XML documents to be processed, a network attacker could exploit this flaw by tricking pysaml2 with a wrapped signature."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-21238", "package_state": [{"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "impact": "low", "package_name": "python-pysaml2", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "impact": "low", "package_name": "python-pysaml2", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Will not fix", "impact": "low", "package_name": "python-pysaml2", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "impact": "low", "package_name": "python-pysaml2", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2021-01-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-21238\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21238"], "statement": "All versions of Red Hat OpenStack Platform ship but do not use the flawed check-signature functionality of python-pysaml2. The impact for these products is therefore rated as having a security impact of Low and will not be updated at this time.", "threat_severity": "Moderate", "upstream_fix": "python-pysaml2 6.5.0"}