CVE-2021-21239Improper Verification of Cryptographic Signature in Pysaml2

CWE-347Improper Verification of Cryptographic Signature8 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
2.9%
top 13.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Identitypython Pysaml2Pysaml2 Project Pysaml2Debian Python-pysaml2+1 more
Timeline
PublishedJan 21
Latest updateSep 8

Description

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 acc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/python-pysaml2< python-pysaml2 6.5.1-1 (bookworm)
CVEListV5identitypython/pysaml2< 6.5.0

Also affects: Debian Linux 9.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
Improper Verification of Cryptographic Signature in PySAML22021-01-21
OSV
CVE-2021-21239: PySAML2 is a pure python implementation of SAML Version 2 Standard2021-01-21
GHSA
Improper Verification of Cryptographic Signature in PySAML22021-01-21

📋Vendor Advisories

4
Ubuntu
PySAML2 vulnerability2021-09-08
Ubuntu
PySAML2 vulnerability2021-09-08
Red Hat
python-pysaml2: An improper verification of cryptographic signature2021-01-21
Debian
CVE-2021-21239: python-pysaml2 - PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 befo...2021
CVE-2021-21239 — Identitypython Pysaml2 vulnerability | cvebase