GHSA-hx5q-v6pj-533r: 
Java vulnerability analysis and mitigation

A critical SAML authentication bypass vulnerability (GHSA-hx5q-v6pj-533r) was discovered in Central Dogma versions 0.64.2 and earlier, affecting the centraldogma-server-auth-saml Maven package. The vulnerability was published and reviewed on February 26, 2024, with a CVSS score of 9.1, indicating critical severity. The issue also affects the underlying Armeria SAML implementation (CVE-2024-1735) (GitHub Advisory, Armeria Advisory).

The vulnerability stems from Central Dogma's SAML implementation accepting unsigned SAML messages (including assertions and logout requests) without proper validation. This implementation flaw exists in the SamlMessageUtil.validateSignature() functionality. The vulnerability has been assigned a CVSS v3.1 base score of 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating network vector attack capability, low attack complexity, no privileges required, and no user interaction needed (GitHub Advisory).

The vulnerability allows attackers to forge SAML messages and successfully authenticate themselves to the system, bypassing intended security controls. This results in high impact on both confidentiality and integrity of the system, potentially allowing unauthorized access to protected resources (GitHub Advisory).

The vulnerability has been patched in Central Dogma version 0.64.3 by updating its Armeria dependency to version 1.27.2. Users are strongly advised to upgrade to version 0.64.3 or later. As a temporary workaround, users can manually upgrade the armeria-saml module to version 1.27.2 or later by either replacing the JAR in the Central Dogma distribution or updating the dependency tree of the build (GitHub Advisory, Central Dogma Release).