Versions of the package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. This is because the XML parser doesn't guarantee integrity in the XML round-trip (encoding/decoding XML data).
References
| Link | Resource |
|---|---|
| https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0 | Patch, Third Party Advisory |
| https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0 | Patch, Third Party Advisory |
| https://github.com/TykTechnologies/tyk-identity-broker/pull/147 | Patch, Third Party Advisory |
| https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1 | Release Notes, Third Party Advisory |
| https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2021-04-26T00:00:00
Updated: 2021-04-26T10:05:32
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23365
NVD Information
Status: Analyzed
Published: 2021-04-26T10:15:12.597
Modified: 2021-05-19T13:00:45.973
Link: CVE-2021-23365
Redhat Information
No data.
CWE