CVE-2023-29129

Posted on by admin

CVE-2023-29129

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.

This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration.

Source: CVE-2023-29129

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다