Unauthenticated users can send forged messages to FusionAuth to bypass authentication, impersonate other users, or gain arbitrary roles. The SAML message can be sent to the application without a signature even when a signature is required. The impact depends on the individual applications that implement fusionauth-samlv2. Version 0.2.3 is vulnerable.
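A fail-closed guard for this class of flaw, shown as an added example (not code from fusionauth-samlv2; every function and variable name is hypothetical). It assumes the HTTP-POST binding with an enveloped `ds:Signature`, and it only checks that a signature is present and references the element it sits in; cryptographic verification with an XML-DSig library is still required afterwards.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

class UnsignedMessageError(Exception):
    """A signature is required but does not cover the identity data."""

def signed_ids(root):
    """IDs of the Response/Assertion elements that carry an enveloped
    ds:Signature whose Reference URI points back at that same element."""
    found = set()
    for el in [root] + root.findall("saml:Assertion", NS):
        # Path starts at a *direct child* Signature, so a signature nested
        # elsewhere in the tree is never counted for this element.
        ref = el.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
        el_id = el.get("ID")
        if ref is not None and el_id and ref.get("URI") == "#" + el_id:
            found.add(el_id)
    return found

def check_signature_policy(response_xml, signature_required=True):
    """Fail closed before any claim (NameID, roles) is read from the message."""
    root = ET.fromstring(response_xml)
    signed = signed_ids(root)
    assertions = root.findall("saml:Assertion", NS)
    # Covered means: the whole Response is signed, or every Assertion is.
    covered = root.get("ID") in signed or (
        bool(assertions) and all(a.get("ID") in signed for a in assertions))
    if signature_required and not covered:
        raise UnsignedMessageError("signature required but missing")
    return signed

# Constructed sample messages (not captured traffic; signature value is a dummy).
UNSIGNED = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">'
    '<saml:Assertion ID="_a1"><saml:Subject>'
    '<saml:NameID>admin@example.com</saml:NameID>'
    '</saml:Subject></saml:Assertion></samlp:Response>')
SIG = (
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>')
SIGNED = UNSIGNED.replace('<saml:Assertion ID="_a1">',
                          '<saml:Assertion ID="_a1">' + SIG)
```

Run the policy check before any code path that reads attributes from the message, so that an absent signature is an error rather than a skipped verification step.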