CRITICAL🇵🇱 Wersja polska

CVE-2024-25718

CVSS 9.8v3.1pub. 2024-02-11upd. 2024-11-21

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.

🤖 AI Analysis
How it works

The `Samly.State.Store.get_assertion/3` function may return expired session objects (assertions) instead of rejecting them. The `Samly.AuthHandler` module uses such a session retrieved from cache and does not verify its validity — it does not replace it with a new one, even after the validity period has expired. As a result, the access control mechanism based on SAML does not enforce proper session expiration for users.

Impact

An attacker possessing an expired SAML session token can still gain unauthorized access to protected application resources, bypassing access controls. This could lead to disclosure of confidential data, modification of resources, or system disruption.

Mitigation & patch

The Samly package should be updated to version 1.4.0 or newer, which fixes the logic for validating expired sessions. Details of the change are available in the diff between versions 1.3.0 and 1.4.0 in the project repository.

Who is affected

Samly package for Elixir in versions prior to 1.4.0 (Dropbox Samly / handnot2/samly).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dropbox Samly

    APP
    Dropbox
    < 1.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-5924HIGH8.8ten sam vendor

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attacker...

CVE-2022-26181HIGH7.8ten sam vendor

Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_de...

CVE-2019-12171HIGH7.8ten sam vendor

Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Dropbox desktop application 71.4.108.0 store...

CVE-2018-20819HIGH7.8ten sam vendor

io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denia...

CVE-2022-4768MEDIUM6.3ten sam vendor

A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_p...