SCA: security update for Sustainsys.Saml2 (GHSA-g6j2-ch25-5mmv)

medium Tenable Self-Hosted Container Security Plugin ID 422583

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less
than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an
important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that
version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2
Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than
version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an
important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version
1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and
are safe to use. (CVE-2020-5261)

See Also

https://github.com/advisories/GHSA-g6j2-ch25-5mmv

Plugin Details

Severity: Medium

ID: 422583

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 3/28/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.04

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2020-5261

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 3/25/2020

Vulnerability Publication Date: 3/25/2020

Reference Information

CVE: CVE-2020-5261

cwe: CWE-294