Armeria SAML Vulnerability: Upgrade Required to Prevent Bypass of Authentication
CVE-2024-1735

9.1CRITICAL

Key Information:

Vendor: Line Corporation
Status: Armeria
Vendor: CVE Published:; 26 February 2024

🔔 Create Line Corporation Vulnerability Alert

What is CVE-2024-1735?

A security vulnerability has been discovered in armeria-saml versions prior to 1.27.2, which allows attackers to exploit malicious SAML messages to bypass authentication mechanisms. This flaw poses a significant risk to any users relying on the affected versions. It is crucial for users and administrators to upgrade to version 1.27.2 or later to mitigate the risks associated with this vulnerability. For additional information and guidance, reference the official security advisory.

Affected Version(s)

Armeria 0.69.0 < 1.27.2

References

https://github.com/line/armeria/security/advisories/GHSA-...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Feb 22, 2024