PT-2026-44422 · Casdoor · Casdoor
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Casdoor versions prior to 2.362.1
Description
The SAML service provider implementation fails to validate the AudienceRestriction element in SAML assertions. This occurs because the
buildSp() function in object/saml sp.go does not set the AudienceURI on the gosaml2 SAMLServiceProvider struct and ignores WarningInfo.NotInAudience. Consequently, the system may accept assertions intended for other service providers.Recommendations
Update Casdoor to version 2.362.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Casdoor