In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-11T00:00:00
Updated: 2024-08-01T23:52:05.515Z
Reserved: 2024-02-11T00:00:00
Link: CVE-2024-25718
Vulnrichment
Updated: 2024-08-01T23:52:05.515Z
NVD
Status : Awaiting Analysis
Published: 2024-02-11T05:15:08.463
Modified: 2024-08-01T20:35:25.977
Link: CVE-2024-25718
Redhat
No data.