The SAML SSO addon in JFrog Artifactory version 6.5.9 does not properly validate the XML signature in the SAMLResponse field sent to the URL /webapp/saml/loginResponse. An attacker who can already log in as some user can use this flaw to log in as any user.
2210b15f819271c6a55202eb862e9978ee5dcea5cb47625f5426dc464569ec4d