Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-yh1m-wtu8-6bgc
Vulnerability ID VCID-yh1m-wtu8-6bgc
Aliases CVE-2017-11428
GHSA-x2fr-v8wf-8wwv
Summary Ruby-SAML Improper Authentication vulnerability
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-287 Improper Authentication
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00374 https://api.first.org/data/v1/epss?cve=CVE-2017-11428
epss 0.00374 https://api.first.org/data/v1/epss?cve=CVE-2017-11428
epss 0.00374 https://api.first.org/data/v1/epss?cve=CVE-2017-11428
epss 0.00374 https://api.first.org/data/v1/epss?cve=CVE-2017-11428
cvssv3.1 7.7 https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
generic_textual HIGH https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x2fr-v8wf-8wwv
cvssv3 7.7 https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
cvssv3.1 7.7 https://nvd.nist.gov/vuln/detail/CVE-2017-11428
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2017-11428
cvssv3.1 7.7 https://www.kb.cert.org/vuls/id/475445
generic_textual HIGH https://www.kb.cert.org/vuls/id/475445
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-11428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11428
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
https://github.com/onelogin/ruby-saml/releases/tag/v1.6.2
https://shibboleth.net/community/advisories/secadv_20180112.txt
https://www.kb.cert.org/vuls/id/475445
892865 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892865
CVE-2017-11428 https://nvd.nist.gov/vuln/detail/CVE-2017-11428
GHSA-x2fr-v8wf-8wwv https://github.com/advisories/GHSA-x2fr-v8wf-8wwv
USN-7309-1 https://usn.ubuntu.com/7309-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-11428
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://www.kb.cert.org/vuls/id/475445
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.59509
EPSS Score 0.00374
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:25:24.449213+00:00 GHSA Importer Import https://github.com/advisories/GHSA-x2fr-v8wf-8wwv 38.6.0