Summary "SAML.getSession" ("internal/pkg/auth/interceptor/saml.go") checks the "Used" flag on a "SAMLAssertion" resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same "saml-session" token can both observe "Used == false", both pass validation, and both return a successful authentication context. An attacker who obtains a valid "saml-session" token can exploit this window to authenticate as the token's owner multiple times, defeating the one-time-use guarantee. Severity - Attack Vector: Local: the attacker needs to either be able to intercept the local, unencrypted traffic or needs access to user's browser. - Attack Complexity: High: the attacker must first obtain a valid "saml-session" token belonging to the victim (requires a separate interception step; the token is ephemeral and single-use by design). - Privileges Required: None: no Omni account is required to carry out the race once the session token is in hand. - User Interaction: Required: the victim must initiate a SAML authentication flow to produce the session token that the attacker intercepts. - Scope: Unchanged: the impact stays within Omni's authorization boundary. - Confidentiality Impact: High: successful exploitation authenticates the attacker as the victim's email identity, granting read access to any resource accessible to that identity. - Integrity Impact: High: the attacker can confirm one or more public keys under the victim's identity (via "ConfirmPublicKey"), establishing persistent access credentials tied to the victim's account. - Availability Impact: High: if the attacker can successfully perform the attack and if the victim is a privileged Omni user, e.g., an Omni Operator or Admin, they can take Omni down. Impact - Session replay: A stolen "saml-session" token can be used more than once, defeating its single-use guarantee. - Multiple public key confirmations: An attacker who steals the session can confirm N attacker-controlled public keys under the victim's identity in a single stolen session window, creating N persistent long-lived API credentials tied to the victim's account. - Authentication as victim: Any gRPC endpoint gated by the SAML interceptor can be reached as the victim's email identity during the race window. - Audit log pollution: Each raced call generates an audit entry attributed to the victim's email, obscuring the attacker's actions. Credit This vulnerability was discovered and reported by "bugbunny.ai" (https://bugbunny.ai).