CVE-2020-8300: 
NixOS vulnerability analysis and mitigation

CVE-2020-8300 is a security vulnerability affecting Citrix ADC (Application Delivery Controller), Citrix/NetScaler Gateway, and Citrix SD-WAN WANOP Edition. The vulnerability was discovered and assigned on January 28, 2020. The affected versions include Citrix ADC and Citrix/NetScaler Gateway versions before 13.0-82.41, 12.1-62.23, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition 10.2 before 10.2.9a (CVE Mitre).

The vulnerability stems from improper access control in the SAML authentication mechanism. It specifically affects systems where Citrix ADC or Citrix Gateway is configured as a SAML SP (Service Provider) or a SAML IdP (Identity Provider). The vulnerability allows for SAML authentication hijacking through phishing attacks, potentially leading to the theft of valid user sessions (NVD).

When successfully exploited, this vulnerability allows attackers to hijack valid user sessions through SAML authentication manipulation. This could potentially lead to unauthorized access to protected resources and services, compromising the security of affected systems (CVE Mitre).

Citrix has released security updates to address this vulnerability. Users are advised to upgrade to the following versions: Citrix ADC and Gateway version 13.0-82.41 or later, 12.1-62.23 or later, 11.1-65.20 or later, Citrix ADC 12.1-FIPS version 12.1-55.238 or later, and Citrix SD-WAN WANOP Edition 10.2.9a or later (Citrix Support).