...
| Info |
|---|
Subscribe to our security and critical updates mailing list if you would like to receive updates about announcements like this per email. |
Summary of vulnerability
SAML SSO configurations using SAML POST binding (configured in Advanced SAML settings) are vulnerable to cross-site scripting through HTML injection in URL parameters. The vulnerability only applies if you have activated Enable POST binding in Identity Providers > your identity provider > Advanced SAML settings:
...
Affected Kantega SSO Enterprise versions
The below table highlights which versions are affected. We have released a patch in version 6.20.0 of Kantega SSO Enterprise for all host products, and a backport version in 5.11.5.
Affected apps | Vulnerability criteria | Fixes |
|---|---|---|
Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Server | Your installation is vulnerable to the exploit if all the following statements are true:
| Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Server | Your installation is vulnerable to the exploit if all the following statements are true:
| Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Server | Your installation is vulnerable to the exploit if all the following statements are true:
| Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Server Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center | Your installation is vulnerable to the exploit if all the following statements are true:
Same as for Server, but only versions between 5.6.2 - 6.19.0 | Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Your installation is vulnerable to the exploit if all the following statements are true:
| Option 1: Downgrade Kantega SSO Enterprise to version 4.4.1 or temporarily workaround and wait for update to 4.14.9 (we are working on a backport, it will be available soon) Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Support
Are you worried, or have any questions about the vulnerability? Reach out to our support team Please raise a ticket in our help center or send an email to security@kantega-sso.com, and we will assist you if you have any questions or concerns.
| Info |
|---|
Changelog Updates about backport version and support contact, and more details Updates about remediation Initial publication |
...