We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability.
Reserved 2024-10-03 | Published 2024-10-09 | Updated 2024-10-11 | Assigner GitHub_MCWE-347: Improper Verification of Cryptographic Signature
github.com/...oready/security/advisories/GHSA-j2hr-q93x-gxvh
github.com/...ommit/7f92a0630439972fcbefa8c7eafe8c144bd89915
ssoready.com/docs/self-hosting/self-hosting-sso-ready
Support options