...

Date published

Summary

Faulty URL parameter handling in the SAML POST binding makes it possible to inject HTML into the login page through URL parameters, which enables cross-site scripting (XSS) attacks.

Affected apps

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo

Affected versions

All versions from 4.4.2 to 4.14.8, from 5.0.0 to 5.11.4 and from 6.0.0 to 6.19.0

Affected product feature

Identity Providers > SAML > Advanced SAML Settings > POST binding

Patched versions

Starting from 6.20.0.

Backport patch: 5.11.5
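The following is an added illustration of the bug class described in the summary; it is not code from the Kantega SSO apps and does not show their actual template. The advisory does not name the affected URL parameter, so the example assumes RelayState, which a POST binding commonly copies from the incoming login URL into the auto-submitting form. It renders the form once with the value concatenated unescaped (the faulty pattern) and once with attribute-context HTML escaping (the fix), and includes a small parser-based check that reports any element the template itself does not emit, which is a practical regression test for the patched versions. All URLs and sample values are constructed.

```python
"""Illustrative SAML POST binding page: unescaped vs escaped rendering.

Added example, not code from the Kantega SSO apps. The advisory does not
name the affected URL parameter or the exact template; RelayState is
assumed here because the POST binding commonly forwards it from the
incoming URL into the auto-submitting form.
"""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample values (not from the advisory).
IDP_SSO_URL = "https://idp.example.test/sso/post"
SAML_REQUEST_B64 = "PHNhbWxwOkF1dGhuUmVxdWVzdC8+"  # base64 of a stub <samlp:AuthnRequest/>
XSS_MARKER = "<b>injected</b>"
# A browser hitting the (hypothetical) login endpoint with a crafted RelayState.
ATTACKER_URL = (
    "https://jira.example.test/plugins/servlet/sso/login"
    "?RelayState=%22%3E%3Cb%3Einjected%3C/b%3E"
)


def relay_state_from_url(url: str) -> str:
    """Extracts RelayState from the request URL, as a login endpoint would."""
    return parse_qs(urlsplit(url).query).get("RelayState", [""])[0]


def build_post_form_vulnerable(idp_sso_url: str, saml_request_b64: str, relay_state: str) -> str:
    """Faulty pattern: the URL-supplied value is concatenated into the HTML
    unescaped, so a leading '">' closes the attribute and the rest becomes markup."""
    return (
        f'<form method="post" action="{idp_sso_url}">'
        f'<input type="hidden" name="SAMLRequest" value="{saml_request_b64}">'
        f'<input type="hidden" name="RelayState" value="{relay_state}">'
        '<noscript><input type="submit" value="Continue"></noscript>'
        "</form><script>document.forms[0].submit()</script>"
    )


def build_post_form_hardened(idp_sso_url: str, saml_request_b64: str, relay_state: str) -> str:
    """Fixed pattern: every value that can originate from the request is
    HTML-escaped for attribute context (quote=True also escapes " and ')."""
    def esc(s: str) -> str:
        return html.escape(s, quote=True)

    return (
        f'<form method="post" action="{esc(idp_sso_url)}">'
        f'<input type="hidden" name="SAMLRequest" value="{esc(saml_request_b64)}">'
        f'<input type="hidden" name="RelayState" value="{esc(relay_state)}">'
        '<noscript><input type="submit" value="Continue"></noscript>'
        "</form><script>document.forms[0].submit()</script>"
    )


class _TagCollector(HTMLParser):
    """Collects the start tags the browser would see in the rendered page."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


# Elements the POST-binding template legitimately emits.
EXPECTED_TAGS = {"form", "input", "noscript", "script"}


def unexpected_tags(rendered_html: str) -> set:
    """Regression check for the fix: parse the rendered page and report any
    element that did not come from the template (i.e. was injected)."""
    parser = _TagCollector()
    parser.feed(rendered_html)
    return set(parser.tags) - EXPECTED_TAGS


if __name__ == "__main__":
    rs = relay_state_from_url(ATTACKER_URL)
    print("vulnerable, injected tags:", unexpected_tags(build_post_form_vulnerable(IDP_SSO_URL, SAML_REQUEST_B64, rs)))
    print("hardened,   injected tags:", unexpected_tags(build_post_form_hardened(IDP_SSO_URL, SAML_REQUEST_B64, rs)))
```

The escaping must be applied in the context where the value lands: here every value sits inside a double-quoted attribute, so escaping the quote characters is what stops the attribute from being closed early. A value that is instead written into the script block or a URL would need JavaScript or URL encoding respectively, and a check like unexpected_tags() is only meaningful for the HTML body.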

...