Description
A vulnerability (CVE-2017-16897) has been discovered in the Auth0 passport-wsfed-saml2 library, affecting versions before 3.0.5. It allows an attacker to impersonate another user, and potentially to elevate their privileges, when the SAML identity provider does not sign the full SAML response (for example, when it signs only the Assertion element inside the response rather than the Response element that wraps it). Deployments whose IdP signs the entire response are not exposed by this issue; deployments whose IdP signs only the assertion are exposed on every affected version.
Remediation
Upgrade passport-wsfed-saml2 to version 3.0.5 or later. Until the upgrade is deployed, configuring the identity provider to sign the full SAML response (not only the assertion) removes the condition under which the issue is exploitable.
References
https://auth0.com/docs/security/bulletins/cve-2017-16897