{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49087", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-21T18:57:30.429Z", "datePublished": "2023-11-30T05:20:28.298Z", "dateUpdated": "2024-08-02T21:46:29.195Z"}, "containers": {"cna": {"title": "Validation of SignedInfo", "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "lang": "en", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"}, {"name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581", "tags": ["x_refsource_MISC"], "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"}], "affected": [{"vendor": "simplesamlphp", "product": "xml-security", "versions": [{"version": "= 1.6.11", "status": "affected"}, {"version": "= 5.0.0-alpha.12", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-30T05:20:28.298Z"}, "descriptions": [{"lang": "en", "value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."}], "source": {"advisory": "GHSA-ww7x-3gxh-qm6r", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.195Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"}, {"name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simplesamlphp:saml2:5.0.0:alpha12:*:*:*:*:*:*", "matchCriteriaId": "96D08664-7238-4C52-B40E-F32E304DE2D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplesamlphp:xml-security:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "3F1375D1-EBBE-4AD5-8271-457C64C948BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."}, {"lang": "es", "value": "xml-security es una librer\u00eda que implementa cifrado y firmas XML. La validaci\u00f3n de una firma XML requiere verificar que el valor hash del documento XML relacionado coincida con un valor DigestValue espec\u00edfico, pero tambi\u00e9n que la firma criptogr\u00e1fica en el \u00e1rbol SignedInfo (el que contiene el DigestValue) verifique y coincida con una clave p\u00fablica confiable. Si un atacante de alguna manera (es decir, explotando un error en la funci\u00f3n de canonicalizaci\u00f3n de PHP) logra manipular el DigestValue de la versi\u00f3n canonicalizada, ser\u00eda posible falsificar la firma. Este problema se solucion\u00f3 en las versiones 1.6.12 y 5.0.0-alpha.13."}], "id": "CVE-2023-49087", "lastModified": "2024-11-21T08:32:47.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-30T06:15:47.173", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "xml-security: insufficient verification of data can lead to signature forging", "id": "2252245", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252245"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-345", "details": ["xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.", "A flaw was found in xml-security due to insufficient verification of data authenticity. If an attacker manipulates the canonicalized version's DigestValue, the cryptographic signature on the SignedInfo tree could be forged."], "name": "CVE-2023-49087", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "xml-security-c", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}], "public_date": "2023-11-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-49087\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49087\nhttps://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581\nhttps://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"], "threat_severity": "Moderate"}

{}