CVE-2021-33054
Description
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.301
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| sogo security update(DSA-5029-1) sogo_4.0.7-1+deb10u2_i386.deb | Linux |
| sogo security update(DSA-5029-1) sogo_4.0.7-1+deb10u2_amd64.deb | Linux |
| sogo security update(DSA-5029-1) sogo_5.0.1-4+deb11u1_amd64.deb | Linux |
| sogo security update(DSA-5029-1) sogo_5.0.1-4+deb11u1_i386.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234