https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html

Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior vers

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecur

Drupal.org AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

https://rafarmerjr1.github.io/2022/06/13/SAML-miniOrange.html [No Types Assigned]

https://www.drupal.org/sa-contrib-2021-036 [Vendor Advisory]

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST (AV:N/AC:L/Au:S/C:P/I:P/A:P)

NIST CWE-295

OR
     *cpe:2.3:a:drupal:saml_sp_2.0_single_sign_on:*:*:*:*:*:*:*:* versions from (including) 7.x up to (including) 7.x-2.57
     *cpe:2.3:a:drupal:saml_sp_2.0_single_sign_on:*:*:*:*:*:*:*:* versions from (including) 8.x up to (including) 8.x-2.24

https://www.drupal.org/sa-contrib-2021-036 No Types Assigned

https://www.drupal.org/sa-contrib-2021-036 Vendor Advisory