From c219d8bdd28db567fd3c089a8743f89bfe00bd40 Mon Sep 17 00:00:00 2001
From: TimmyBc <shpejtim.kurtishaj@bugcrowd.com>
Date: Sun, 12 Jan 2025 12:43:07 +0100
Subject: [PATCH] SAML Replay - P5

Adding:
P5 - Broken Authentication and Session Management - SAML Replay
---
 mappings/cvss_v3/cvss_v3.json                       | 4 ++++
 mappings/remediation_advice/remediation_advice.json | 7 +++++++
 vulnerability-rating-taxonomy.json                  | 6 ++++++
 3 files changed, 17 insertions(+)

diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
index de48c505..d8d1b3f4 100644
--- a/mappings/cvss_v3/cvss_v3.json
+++ b/mappings/cvss_v3/cvss_v3.json
@@ -366,6 +366,10 @@
           "id": "authentication_bypass",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
         },
+        {
+          "id": "saml_replay",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
+        },
         {
           "id": "two_fa_bypass",
           "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
index 4717943f..fb5bdc3d 100644
--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
@@ -721,6 +721,13 @@
             "https://www.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009)"
           ]
         },
+        {
+          "id": "saml_replay",
+          "references": [
+            "https://snyk.io/blog/common-saml-vulnerabilities-remediate/",
+            "https://support.okta.com/help/s/article/okta-service-has-protection-against-replay-attacks?language=en_US"
+          ]
+        },
         {
           "id": "cleartext_transmission_of_session_token",
           "remediation_advice": "Ensure that session tokens are transmitted over protected channels at all times. If the secure cookie flag is not an option ensure that the application does not support unencrypted communication.",
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
index ed39afe3..05f27f51 100644
--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -747,6 +747,12 @@
           "type": "subcategory",
           "priority": 1
         },
+        {
+          "id": "saml_replay",
+          "name": "SAML Replay",
+          "type": "subcategory",
+          "priority": 5
+        },    
         {
           "id": "two_fa_bypass",
           "name": "Second Factor Authentication (2FA) Bypass",