CVE-2020-12676

Critical

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a…

mitre·CWE-347·Published 2020-10-02

CVSS

9.1

EPSS

0.03

KEV

Exploits

cve.orgen

191 chars

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

NVDen

191 chars

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

FusionAuth fusionauth-samlv2 versión 0.2.3, permite a atacantes remotos falsificar mensajes y omitir la autenticación por medio de una aserción de SAML que carece de un elemento de Firma, también se conoce como "Signature exclusion attack"

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N