CVE-2022-39299— Signature bypass via multiple root elements in Passport-SAML
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-39299
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Signature bypass via multiple root elements in Passport-SAML
Source: NVD (National Vulnerability Database)
Vulnerability Description
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Passport-SAML 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Passport-SAML是Passport的SAML 2.0身份验证提供程序,Node.js 身份验证库。 Passport-SAML存在数据伪造问题漏洞,该漏洞源于远程攻击者可以使用passport-saml绕过网站上的SAML身份验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| node-saml | passport-saml | < 3.2.2 | - |
II. Public POCs for CVE-2022-39299
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-saml | https://github.com/doyensec/CVE-2022-39299_PoC_Generator | POC Details |
| 2 | CVE-2022-39299 취약점에 대한 Research 정리 | https://github.com/KaztoRay/CVE-2022-39299-Research | POC Details |
| 3 | CVE-2022-39299 취약점에 대한 Research 정리 | https://github.com/AventurineJun/CVE-2022-39299-Research | POC Details |
| 4 | CVE-2022-39299 취약점에 대한 Research 정리 | https://github.com/Haruaventure/CVE-2022-39299-Research | POC Details |
| 5 | CVE-2022-39299 취약점에 대한 Research 정리 | https://github.com/AventurineJ/CVE-2022-39299-Research | POC Details |
| 6 | CVE-2022-39299 취약점에 대한 Research 정리 | https://github.com/Viperazor/CVE-2022-39299-Research | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-39299
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: node-saml
- CVE-2025-54369
Node-SAML SAML Authentication Bypass - CVE-2025-54419
Node-SAML Contains SAML Signature Verification Vulnerability - CVE-2025-29775
xml-crypto Vulnerable to XML Signature Verification Bypass v - CVE-2025-29774
xml-crypto Vulnerable to XML Signature Verification Bypass v - CVE-2024-32962
XML signature verification bypass due improper verification
Same weakness: CWE-347
- CVE-2026-42193
Plunk: SNS webhook forgery - CVE-2026-44497
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type - CVE-2026-41669
Admidio: SAML Signature Validation Result Ignored — Forged A - CVE-2026-7689
Dolibarr ERP CRM Online Signature security.lib.php dol_verif - CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic
V. Comments for CVE-2022-39299
No comments yet