Onelogin : Security Vulnerabilities, CVEs,
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Max CVSS
9.8
EPSS Score
1.06%
Published
2019-04-17
Updated
2019-10-09
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Max CVSS
9.8
EPSS Score
1.06%
Published
2019-04-17
Updated
2019-10-09
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.
Max CVSS
7.5
EPSS Score
0.18%
Published
2019-08-22
Updated
2019-08-29
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.09%
Published
2017-01-23
Updated
2017-01-25
xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-05-27
Updated
2023-07-03
5 vulnerabilities found