CVE-2023-40178
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Aug 23, 2023
Updated: Sep 5, 2023
CWE ID 613
CWE ID 347
Summary
CVE-2023-40178 is a vulnerability affecting Node-SAML, a Node.js library for handling Single Sign-On (SSO) using the Security Assertion Markup Language (SAML). The flaw lies in the lack of timestamp validation in the library, enabling a maliciously crafted LogoutRequest to be reused even after its expiration. This could potentially result in unintended user logouts, and in larger contexts, may impact multiple users if LogoutRequests are distributed to various Service Providers (SPs). The issue was addressed in version 4.0.5 with proper timestamp validation.
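The kind of timestamp check whose absence the summary describes, as an added example that is not Node-SAML's own code: it rejects a LogoutRequest once its SAML 2.0 NotOnOrAfter instant has passed. The function names, the clock-skew default, the constructed sample message and the choice to reject a request with no NotOnOrAfter are assumptions of this example.

```javascript
// Constructed sample LogoutRequest (not captured traffic).
const SAMPLE = `<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_constructed1" Version="2.0" IssueInstant="2023-08-01T12:00:00Z"
  NotOnOrAfter="2023-08-01T12:05:00Z">
  <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">user@example.test</saml:NameID>
</samlp:LogoutRequest>`;

// Hypothetical helper: read one attribute from the opening LogoutRequest tag.
// Stand-in for a real XML parser; the input is assumed to be the document
// whose signature has already been verified.
function rootAttribute(xml, name) {
  const root = /<(?:[\w-]+:)?LogoutRequest\b[^>]*>/.exec(xml);
  if (!root) return null;
  const attr = new RegExp(`\\s${name}="([^"]*)"`).exec(root[0]);
  return attr ? attr[1] : null;
}

// Hypothetical check: returns { ok, reason }.
// skewMs tolerates clock drift between the sender and this Service Provider.
function checkLogoutRequestExpiry(xml, now = Date.now(), skewMs = 30000) {
  const raw = rootAttribute(xml, "NotOnOrAfter");
  // Policy choice of this example: a request without an expiry is refused.
  if (raw === null) return { ok: false, reason: "missing NotOnOrAfter" };
  const notOnOrAfter = Date.parse(raw);
  if (Number.isNaN(notOnOrAfter)) {
    return { ok: false, reason: "unparseable NotOnOrAfter" };
  }
  // "Not on or after": the request is already invalid at the instant itself.
  if (now - skewMs >= notOnOrAfter) return { ok: false, reason: "expired" };
  return { ok: true, reason: null };
}

// A replayed copy of SAMPLE evaluated at the current time is refused.
console.log(checkLogoutRequestExpiry(SAMPLE));
```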