Check your Spring Security SAML config - XXE security issue
It was brought to our attention that the spring-security-saml sample application contained an XML External Entity (XXE) vulnerability. This meant that a malicious user could view any file that the Spring Application’s process had access to.
The issue was a direct result of OpenSAML Java ParserPool and Decrypter Vulnerable To XML Attacks. The default behavior of the ParserPool
implementations is fixed in OpenSAML 2.6.1+ (which Spring Security SAML uses). However, the vulnerability is still possible if users construct their own ParserPool
without the proper settings.
Note
We did not consider this a CVE because the exploit was only found in the sample application which is not considered production code. However, we expect that our users may have copied this code to create their own applications. For this reason, we wanted to be transparent and communicate the issue and…