CVE-2021-23365
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | github.com/TykTechnologies/tyk-identity-broker | unspecified < 1.1.1 | affected |
Weaknesses
- Authentication Bypass
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720
- https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1
- https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0
- https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0
- https://github.com/TykTechnologies/tyk-identity-broker/pull/147
References
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKIDENTITYBROKER-1089720
- https://github.com/TykTechnologies/tyk-identity-broker/releases/tag/v1.1.1
- https://github.com/TykTechnologies/tyk-identity-broker/commit/243092965b0f93a95a14cb882b5b9a3df61dd5c0
- https://github.com/TykTechnologies/tyk-identity-broker/commit/46f70420e0911e4e8b638575e29d394c227c75d0
- https://github.com/TykTechnologies/tyk-identity-broker/pull/147
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.