{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T13:57:49.514","vulnerabilities":[{"cve":{"id":"CVE-2020-5390","sourceIdentifier":"cve@mitre.org","published":"2020-01-13T19:15:12.413","lastModified":"2024-11-21T05:34:02.957","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed."},{"lang":"es","value":"PySAML2 versiones anteriores a la versión 5.0.0 no comprueba que la firma en un documento SAML esté envuelta y, por lo tanto, el empaquetado de la firma es efectivo, es decir, está afectado por XML Signature Wrapping (XSW). La información de la firma y el nodo u objeto que está firmado puede estar en diferentes lugares y, por lo tanto, la comprobación de la firma tendrá éxito, pero serán usados los datos incorrectos. Esto afecta específicamente la comprobación de las afirmaciones que se han firmado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*","versionEndExcluding":"5.0.0","matchCriteriaId":"CFD4A9E7-AAAC-4FC5-97BF-3C6B947AD87B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","matchCriteriaId":"CD783B0C-9246-47D9-A937-6144FE8BFF0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","matchCriteriaId":"A31C8344-3E02-4EB8-8BD8-4C84B7959624"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]}],"references":[{"url":"https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/IdentityPython/pysaml2/releases","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00025.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pypi.org/project/pysaml2/5.0.0/","source":"cve@mitre.org","tags":["Product","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4245-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4630","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/IdentityPython/pysaml2/releases","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00025.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pypi.org/project/pysaml2/5.0.0/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4245-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2020/dsa-4630","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}