...
Date published |
|
|---|---|
Summary | SAML POST binding vulnerable to Cross-site scripting (XSS) through URL parameters |
Affected apps | Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira |
Affected versions | All versions between 4.4.2 - 5.11.4 and 6.0 - 6.19.0 |
Affected product feature | Identity Providers > SAML > Advanced SAML Settings > POST binding |
Patched versions | Starting from 6.20.0. Backport patch: 5.11.5 |
Are you worried, or have any questions about the vulnerability? Reach out to our support team in our help center or send an email to security@kantega-sso.com, and we will assist you.
| Info |
|---|
Subscribe to our security and critical updates mailing list if you would like to receive updates about announcements like this per email. |
Summary of vulnerability
SAML SSO configurations using SAML POST binding (configured in Advanced SAML settings) are vulnerable to cross-site scripting through HTML injection in URL parameters. The vulnerability only applies if you have activated Enable POST binding in Identity Providers > your identity provider > Advanced SAML settings:
...
Affected apps | Vulnerability criteria | Fixes |
|---|---|---|
Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Server | If you are running SAML with POST binding: All versions between 4.4.2-5.11.4 and 6.0.0 - 6.19.0 | Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Server | If you are running SAML with POST binding: All versions between 4.4.2 - 6.19.0 | Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Server | If you are running SAML with POST binding: All versions between 4.4.2 - 6.19.0 | Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Server Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center | If you are running SAML with POST binding: All versions between 4.4.2 - 6.19.0 If you are running SAML with POST binding: All versions between 5.6.2 - 6.19.0 | Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5 Option 2: Disable POST binding in advanced SAML settings and use default redirect binding Option 3: Configure a new Identity provider using OpenID Connect and disable SAML |
Support
Are you worried, or have any questions about the vulnerability? Reach out to our support team in our help center or send an email to security@kantega-sso.com, and we will assist you.