
Date published

Summary

Faulty sanitization allows remote attackers to inject arbitrary web script or HTML via URL parameters on the SAML POST binding login servlet in Kantega SSO Enterprise.

CVE ID

CVE-2023-52240

Affected apps

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo

Affected versions

All versions from 4.4.2 to 4.14.8, from 5.0.0 to 5.11.4, and from 6.0.0 to 6.19.0

Affected product feature

Identity Providers > SAML > Advanced SAML Settings > POST binding

Patched versions

Starting from 6.20.0.

Backport patches: 5.11.5, 4.14.9
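The affected and patched version lists above translate directly into a check an administrator can run against an installed instance. The script below is an added example, not a tool published by Kantega; the only inputs it relies on are the version ranges and fixed releases stated in this advisory, and it assumes the product reports plain dotted numeric versions (the four-part build numbers are a constructed edge case it deliberately rejects rather than guesses about).

```python
"""Decide whether an installed Kantega SSO version is in an affected range
for CVE-2023-52240 and, if so, name the fixed release on the same major line.

Added example, not vendor code. Ranges and fixed versions are copied from
the advisory text; inclusive bounds are implied by 4.14.8 being affected
while 4.14.9 is the backport fix.
"""
from typing import Optional, Tuple

# Affected ranges as listed in the advisory (inclusive at both ends).
AFFECTED_RANGES = [
    ("4.4.2", "4.14.8"),
    ("5.0.0", "5.11.4"),
    ("6.0.0", "6.19.0"),
]

# First fixed release per major line: 6.20.0 plus backports 5.11.5 and 4.14.9.
FIXED_VERSIONS = {4: "4.14.9", 5: "5.11.5", 6: "6.20.0"}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'a.b.c' into a tuple of ints that compares numerically.

    Anything that is not dotted integers raises, so a malformed or
    unexpected version string cannot silently read as 'not affected'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed: str) -> bool:
    """True when the installed version lies inside any affected range."""
    v = parse_version(installed)
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def recommended_upgrade(installed: str) -> Optional[str]:
    """Fixed release on the installed major line, or None if not affected.

    Versions below 4.4.2 are outside every listed range and also return None.
    """
    if not is_affected(installed):
        return None
    major = parse_version(installed)[0]
    # Every affected major (4, 5, 6) has an entry; fall back to the main line.
    return FIXED_VERSIONS.get(major, FIXED_VERSIONS[6])


if __name__ == "__main__":
    import sys
    # Constructed sample inputs when no versions are passed on the command line.
    for arg in sys.argv[1:] or ["4.10.0", "5.11.5", "6.19.0", "6.20.0"]:
        fix = recommended_upgrade(arg)
        status = f"AFFECTED, upgrade to {fix}" if fix else "not affected"
        print(f"{arg}: {status}")
```

Run it with the version shown in the Atlassian app manager as an argument; a non-numeric string raises rather than returning a reassuring answer, which is the safer failure mode for an advisory check.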


Please raise a ticket in our help center or send an email to security@kantega-sso.com if you have any questions or concerns.

Info

Changelog

Update summary table with CVE ID

More updates about backport version 4.14.9

Updates about backport version and support contact, and more details

Updates about remediation

Initial publication
