GSD-2022-26493

Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9.
Aliases
Aliases
CVE-2022-26493
To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-26493",
    "description": "Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module\u0027s default settings which require the options \"Either sign SAML assertions\" and \"x509 certificate\". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions.",
    "id": "GSD-2022-26493"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26493"
      ],
      "details": "Xecurify\u0027s miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9.",
      "id": "GSD-2022-26493",
      "modified": "2023-12-13T01:19:39.396947Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@drupal.org",
        "ID": "CVE-2022-26493",
        "STATE": "PUBLIC",
        "TITLE": "miniOrange SAML Authentication Bypass"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Drupal 8 miniOrange SAML SP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Premium",
                          "version_value": "30.5"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Standard",
                          "version_value": "20.3"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Enterprise",
                          "version_value": "40.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Drupal 9 miniOrange SAML SP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Premium",
                          "version_value": "30.5"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Standard",
                          "version_value": "20.3"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Enterprise",
                          "version_value": "40.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Drupal 7 miniOrange SAML SP",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Premium",
                          "version_value": "30.2"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Standard",
                          "version_value": "20.2"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "miniOrange Enterprise",
                          "version_value": "40.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Xecuify"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Xecurify\u0027s miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Authentication Bypass via SAML Manipulation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html",
            "refsource": "MISC",
            "url": "https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "The open source version of this module is not impacted. \n\nFor Drupal 8/9:\nminiOrange Premium users should upgrade their miniOrange modules to version 30.5 or higher. \nminiOrange Standard users should upgrade their miniOrange modules to version 20.3 or higher. \nminiOrange Enterprise users should upgrade their miniOrange modules to version 40.4 or higher. \n\nFor Drupal 7:\nminiOrange Premium users should upgrade their miniOrange modules to version 30.2 or higher. \nminiOrange Standard users should upgrade their miniOrange modules to version 20.2 or higher. \nminiOrange Enterprise users should upgrade their miniOrange modules to version 40.2 or higher. \n\nAll users should ensure certificate and SAML signature enforcement are enabled. "
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:drupal:saml_sp_2.0_single_sign_on:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.x-2.57",
                "versionStartIncluding": "7.x",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:drupal:saml_sp_2.0_single_sign_on:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.x-2.24",
                "versionStartIncluding": "8.x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@drupal.org",
          "ID": "CVE-2022-26493"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Xecurify\u0027s miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-07-03T19:15Z",
      "publishedDate": "2022-06-03T18:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.