Reports released today by Duo (third party link) show that there are multiple vulnerabilities in SAML, via the XML layer, that could potentially be exploited to give unauthenticated users access to a service like Teamable (in cases where customers are using SAML, e.g. OneLogin or Okta).
Okta also released a note (third party link) detailing how this exploit impacts those using the Okta service.
At Teamable, the security of your account and data is of paramount importance.
We have completed a rigorous review and have made the following impact assessment:
Okta customers are not impacted, because pysaml2, which we rely on, is not affected by this vulnerability.
For OneLogin customers, we have upgraded to python-saml v2.4.0 to patch the vulnerability.
If you have any further questions, please contact firstname.lastname@example.org.