{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8b6b2f28f1381f8d4f1476d5f962804e003c252a"
            }
          ],
          "repo": "https://github.com/node-saml/passport-saml",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-m974-647v-whv7"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-347"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39299.json"
  },
  "details": "Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP-signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g. without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround.",
  "id": "CVE-2022-39299",
  "modified": "2026-04-01T23:09:56.283489934Z",
  "published": "2022-10-12T00:00:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/169826/Node-saml-Root-Element-Signature-Bypass.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/39xxx/CVE-2022-39299.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39299"
    },
    {
      "type": "FIX",
      "url": "https://github.com/node-saml/passport-saml/commit/8b7e3f5a91c8e5ac7e890a0c90bc7491ce33155e"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Signature bypass via multiple root elements in Passport-SAML"
}