PT-2021-24376 · Gosaml2+2 · Gosaml2+2
Published
2021-06-23
·
Updated
2021-06-23
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
gotrue versions prior to 1.0.0
Description:
The issue affects users leveraging the SAML auth provider due to vulnerabilities in
goxmldsig and gosaml2, which allow signature validation bypass and authentication bypass, respectively.Recommendations:
For versions prior to 1.0.0, upgrade to v1.0.0 or apply the patch with commit hash
a2b4dd6bc4ef7562d1df044098b303f564eefa90. As a temporary workaround, consider disabling the SAML auth provider until the patch is applied. Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gosaml2
Gotrue
Goxmldsig