CVE-2021-39171 - OpenCVE

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Passport-saml Project	Passport-saml

Configuration 1 [-]

cpe:2.3:a:passport-saml_project:passport-saml:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/node-saml/passport-saml/pull/595
https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-08-27T22:05:11

Updated: 2024-08-04T01:58:18.150Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39171

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-27T22:15:07.267

Modified: 2021-09-07T18:36:11.873

Link: CVE-2021-39171

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "passport-saml", "vendor": "node-saml", "versions": [{"status": "affected", "version": "< 3.1.0"}]}], "descriptions": [{"lang": "en", "value": "Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-27T22:05:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/node-saml/passport-saml/pull/595"}], "source": {"advisory": "GHSA-5379-r78w-42h2", "discovery": "UNKNOWN"}, "title": "Unlimited transforms allowed for signed nodes", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39171", "STATE": "PUBLIC", "TITLE": "Unlimited transforms allowed for signed nodes"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "passport-saml", "version": {"version_data": [{"version_value": "< 3.1.0"}]}}]}, "vendor_name": "node-saml"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2", "refsource": "CONFIRM", "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2"}, {"name": "https://github.com/node-saml/passport-saml/pull/595", "refsource": "MISC", "url": "https://github.com/node-saml/passport-saml/pull/595"}]}, "source": {"advisory": "GHSA-5379-r78w-42h2", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:18.150Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/node-saml/passport-saml/pull/595"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39171", "datePublished": "2021-08-27T22:05:11", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:18.150Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:passport-saml_project:passport-saml:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "C05B72FD-D09E-4D1F-AE7C-F3E101B60045", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an effective way to perform a denial-of-service attack. This has been resolved in version 3.1.0. The resolution is to limit the number of allowable transforms to 2."}, {"lang": "es", "value": "Passport-SAML es un proveedor de autenticaci\u00f3n SAML versi\u00f3n 2.0 para Passport, la biblioteca de autenticaci\u00f3n de Node.js. Anterior a la versi\u00f3n 3.1.0, una carga \u00fatil SAML maliciosa puede requerir transformaciones que consumen recursos significativos del sistema para procesar, y por lo tanto, resultando en un servicio reducido o denegado. Esta ser\u00eda una manera efectiva de llevar a cabo un ataque de denegaci\u00f3n de servicio. Esto ha sido resuelto en versi\u00f3n 3.1.0. La resoluci\u00f3n consiste en limitar el n\u00famero de transformaciones permitidas a 2."}], "id": "CVE-2021-39171", "lastModified": "2021-09-07T18:36:11.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-08-27T22:15:07.267", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/node-saml/passport-saml/pull/595"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-5379-r78w-42h2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}]}