SCA: security update for Sustainsys.Saml2 (GHSA-9475-xg6m-j7pw)

high Tenable Cloud Security Plugin ID 422185

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is
a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens
- a caller that presents a token is assumed to be the subject of the token. There is also support in the
Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where
possession of a private key must be proved. The Sustainsys.Saml2 library incorrectly treats all incoming
tokens as bearer tokens, even though they have another subject confirmation method specified. This could
be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than
bearer. The attacker could then use such a token to create a log in session. This vulnerability is patched
in versions 1.0.2 and 2.7.0. (CVE-2020-5268)

See Also

https://github.com/advisories/GHSA-9475-xg6m-j7pw

Plugin Details

Severity: High

ID: 422185

Version: Revision 1.3

Type: Local

Family: SCA Checks

Published: 3/28/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.04

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2020-5268

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 4/22/2020

Vulnerability Publication Date: 4/21/2020

Reference Information

CVE: CVE-2020-5268

cwe: CWE-303