PT-2015-6803 · Red Hat · Ipsilon
Patrick Uiterwijk
·
Publicado
2015-11-17
·
Atualizado
2022-05-17
·
CVE-2015-5217
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Ipsilon versions 0.1.0 through 1.0.0
Description
The issue is related to the Identity Provider (IdP) server, where the
providers/saml2/admin.py file does not properly check permissions to update the SAML2 Service Provider (SP) owner. This allows remote authenticated users to cause a denial of service via a duplicate SP name.Recommendations
For Ipsilon versions 0.1.0 through 1.0.0, update to version 1.0.1 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ipsilon