Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Date published

Summary

SAML POST binding vulnerable to Cross-site scripting (XSS) through URL parameters

Affected apps

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo

Affected versions

All versions between 4.4.2 - 5.11.4 and 6.0 - 6.19.0

Affected product feature

Identity Providers > SAML > Advanced SAML Settings > POST binding

Patched versions

Starting from 6.20.0.

Backport patch: 5.11.5

Subscribe to our security and critical updates mailing list if you would like to receive updates about announcements like this per email.

Summary of vulnerability

SAML SSO configurations using SAML POST binding (configured in Advanced SAML settings) are vulnerable to cross-site scripting through HTML injection in URL parameters. The vulnerability only applies if you have activated Enable POST binding in Identity Providers > your identity provider > Advanced SAML settings:

Affected Kantega SSO Enterprise versions

The below table highlights which versions are affected. We have released a patch in version 6.20.0 of Kantega SSO Enterprise for all host products, and a backport version in 5.11.5.

Affected apps

Vulnerability criteria

Fixes

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Server

If you are running SAML with POST binding: All versions between 4.4.2-5.11.4 and 6.0.0 - 6.19.0

Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5

Option 2: Disable POST binding in advanced SAML settings and use default redirect binding

Option 3: Configure a new Identity provider using OpenID Connect and disable SAML

Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center

Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Server

If you are running SAML with POST binding: All versions between 4.4.2 - 6.19.0

Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5

Option 2: Disable POST binding in advanced SAML settings and use default redirect binding

Option 3: Configure a new Identity provider using OpenID Connect and disable SAML

Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center

Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Server

If you are running SAML with POST binding: All versions between 4.4.2 - 6.19.0

Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5

Option 2: Disable POST binding in advanced SAML settings and use default redirect binding

Option 3: Configure a new Identity provider using OpenID Connect and disable SAML

Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Server

Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center

If you are running SAML with POST binding: All versions between 4.4.2 - 6.19.0

If you are running SAML with POST binding: All versions between 5.6.2 - 6.19.0

Option 1: Update Kantega SSO Enterprise to version >= 6.20.0 or to backport version 5.11.5

Option 2: Disable POST binding in advanced SAML settings and use default redirect binding

Option 3: Configure a new Identity provider using OpenID Connect and disable SAML

Support

Are you worried, or have any questions about the vulnerability? Reach out to our support team in our help center or send an email to security@kantega-sso.com, and we will assist you.

Changelog

Updates about backport version and support contact

Updates about remediation

Initial publication

  • No labels