GHSA-5x9f-6vg5-qg4mHighCVSS 7.0

Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token

Published
June 5, 2026
Last Modified
June 5, 2026

🔗 CVE IDs covered (1)

📋 Description

Summary

SAML.getSession (internal/pkg/auth/interceptor/saml.go) checks the Used flag on a SAMLAssertion resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same saml-session token can both observe Used == false, both pass validation, and both return a successful authentication context. An attacker who obtains a valid saml-session token can exploit this window to authenticate as the token's owner multiple times, defeating the one-time-use guarantee.

Severity

  • Attack Vector: Local: the attacker needs to either be able to intercept the local, unencrypted traffic or needs access to user's browser.
  • Attack Complexity: High: the attacker must first obtain a valid saml-session token belonging to the victim (requires a separate interception step; the token is ephemeral and single-use by design).
  • Privileges Required: None: no Omni account is required to carry out the race once the session token is in hand.
  • User Interaction: Required: the victim must initiate a SAML authentication flow to produce the session token that the attacker intercepts.
  • Scope: Unchanged: the impact stays within Omni's authorization boundary.
  • Confidentiality Impact: High: successful exploitation authenticates the attacker as the victim's email identity, granting read access to any resource accessible to that identity.
  • Integrity Impact: High: the attacker can confirm one or more public keys under the victim's identity (via ConfirmPublicKey), establishing persistent access credentials tied to the victim's account.
  • Availability Impact: High: if the attacker can successfully perform the attack and if the victim is a privileged Omni user, e.g., an Omni Operator or Admin, they can take Omni down.

Impact

  • Session replay: A stolen saml-session token can be used more than once, defeating its single-use guarantee.
  • Multiple public key confirmations: An attacker who steals the session can confirm N attacker-controlled public keys under the victim's identity in a single stolen session window, creating N persistent long-lived API credentials tied to the victim's account.
  • Authentication as victim: Any gRPC endpoint gated by the SAML interceptor can be reached as the victim's email identity during the race window.
  • Audit log pollution: Each raced call generates an audit entry attributed to the victim's email, obscuring the attacker's actions.

Credit

This vulnerability was discovered and reported by bugbunny.ai.

🎯 Affected products2

  • go/github.com/siderolabs/omni:< 1.6.6
  • go/github.com/siderolabs/omni:>= 1.7.0, < 1.7.3

🔗 References (4)