What is GHSA-jcmp-phfm-38x8?

GHSA-jcmp-phfm-38x8 is a security advisory published by GitHub Security Advisories with High severity. Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay...

Which CVE IDs does GHSA-jcmp-phfm-38x8 cover?

GHSA-jcmp-phfm-38x8 covers the following CVE IDs: CVE-2026-9095. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-jcmp-phfm-38x8?

GHSA-jcmp-phfm-38x8 has a CVSS v3 base score of 8.1, published by GitHub Security Advisories.

GHSA-jcmp-phfm-38x8HighCVSS 8.1

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay...

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-9095 →

📋 Description

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcement, or replay detection anywhere in the SAML SP code path. As a result, an attacker can replay a previously captured SAML assertion to obtain an authenticated session for the assertion’s subject, including administrator accounts, without needing the user’s password or MFA credentials.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-9095
https://kb.cert.org/vuls/id/780781
https://github.com/advisories/GHSA-jcmp-phfm-38x8