Date published

Summary

Faulty sanitization allows remote attackers to inject arbitrary web script or HTML via URL parameters on the SAML POST binding login servlet in Kantega SSO Enterprise.

CVE ID

CVE-2023-52240

Affected apps

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo

Affected versions

All versions from 4.4.2 to 4.14.8, 5.0.0 to 5.11.4, and 6.0.0 to 6.19.0

Affected product feature

Identity Providers > SAML > Advanced SAML Settings > POST binding

Patched versions

Starting from 6.20.0.

Backport patches: 5.11.5, 4.14.9
