Bypass of the secureValidation property
CVE-2021-40690

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Santuario
Vendor: CVE Published:; 19 September 2021

Summary

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

Affected Version(s)

Apache Santuario XML Security for Java < 2.2.3,2.1.7

References

https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e...

https://lists.apache.org/thread.html/rbdac116aef912b563da...

mailing-list

https://lists.apache.org/thread.html/re294cfc61f509512874...

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2021
Vulnerability Reserved
Sep 8, 2021

Credit

An Trinh, Calif.