Stored XSS in Kantega SSO Enterprise via group names could let an attacker elevate a privileged user account to System admin. When a script payload is stored in a group name under User Management > Groups, the Select / dropdown component used on the "Group Memberships" page [oidc/saml], the "Disable traditional username/password login" page [common] and the "Disable Kerberos for some users" page [kerberos] was susceptible to stored XSS. The vulnerability is considered of low severity, since the attacker would already need administrative access to the system.
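The rendering flaw described above, as an added example that is not part of this release note or of Kantega's code: a dropdown whose `<option>` markup is built by string concatenation from stored group names, beside a version that escapes each name for both the attribute and the text-node context. The group names, the sample payload and the function names are constructed for illustration and are assumptions, not values from the product.

```javascript
// Added example (not Kantega's code): populating a <select> from stored group names.
// renderOptionsUnsafe builds markup by string concatenation, so any markup inside a
// group name becomes part of the page. renderOptionsSafe escapes every name for the
// value="..." attribute context and for the option's text content.

const GROUP_NAMES = [
  "confluence-users",
  "jira-administrators",
  // Constructed sample payload: a string an administrator could save as a group
  // name. It is harmless text until a renderer treats it as HTML.
  '"><img src=x onerror=alert(document.cookie)>',
];

// Vulnerable pattern: the stored name is interpolated straight into HTML.
function renderOptionsUnsafe(names) {
  return names
    .map((n) => `<option value="${n}">${n}</option>`)
    .join("");
}

// Minimal HTML entity escaping covering the five characters that can break out of
// an attribute value or a text node.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Hardened pattern: every untrusted value is escaped in both contexts it lands in.
function renderOptionsSafe(names) {
  return names
    .map((n) => `<option value="${escapeHtml(n)}">${escapeHtml(n)}</option>`)
    .join("");
}

// Unit-test style check: the only tags the renderer may emit are <option> and
// </option>; any other tag in the output came from a group name.
function containsInjectedTag(html) {
  return /<(?!\/?option\b)[a-z]/i.test(html);
}

// Demo: the unsafe output contains an <img> tag from the payload, the safe one does not.
console.log("unsafe:", renderOptionsUnsafe(GROUP_NAMES));
console.log("safe:  ", renderOptionsSafe(GROUP_NAMES));
console.log("injected tag in unsafe output:", containsInjectedTag(renderOptionsUnsafe(GROUP_NAMES)));
console.log("injected tag in safe output:  ", containsInjectedTag(renderOptionsSafe(GROUP_NAMES)));
```

In a real browser component the equivalent fix is to skip HTML strings entirely: create each entry with `document.createElement("option")` and assign the group name to `option.value` and `option.textContent`, which can never be parsed as markup. The string-based version above is used here only so the behaviour can be checked outside a browser.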
Thanks to Bug Bounty researcher UpdateLap for discovering this vulnerability.
Patched CVE-2022-25858, found in the webpack terser plugin.
Changes in 5.10.4
11:30 CET
Bug fix for the config backup on Windows, and other improvements
Bug fixes
[Backup & restore] A change introduced in version 5.7 of Kantega SSO Enterprise subtly altered file handling and broke creation of the config file backup on Windows servers, because of a file lock that occurs only on Windows and went undiscovered in Unix-based QA.
Improvements
[support debug information] The Debug info text in the Support tab now includes information from the latest OIDC/SAML test logins, giving a more complete picture of the instance without having to send several fragments from test pages in addition to the global Debug info text.
[api tokens] Fixed a debug log statement whose stated reasoning for blocking a request was inverted.