CVE-2022-26493

CVE-2022-26493

Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module’s default settings which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions.

Source: CVE-2022-26493

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다