CVE-2021-21239

Published: 21 January 2021

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0.

Priority

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package	Release	Status
python-pysaml2 Launchpad, Ubuntu, Debian	impish	Released (6.1.0-0ubuntu2)
	jammy	Released (6.1.0-0ubuntu2)
	trusty	Does not exist
	upstream	Released (6.5.1-1)
	bionic	Released (4.0.2-0ubuntu3.2)
	focal	Released (4.9.0-0ubuntu3.1)
	groovy	Ignored (end of life)
	hirsute	Released (6.1.0-0ubuntu1.21.04.1)
	xenial	Released (3.0.0-3ubuntu1.16.04.4+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	Patches: upstream: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737

Severity score breakdown

Parameter	Value
Base score	6.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980772

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›