PT-2023-31942 · Atlassian+1 · Bitbucket+4

August Heltne

+1

·

Publicado

2023-12-29

·

Atualizado

2024-01-08

·

CVE-2023-52240

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 6.0.0 through 6.19.0 Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server versions 6.0.0 through 6.19.0 Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server versions 6.0.0 through 6.19.0 Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server versions 6.0.0 through 6.19.0 Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server versions 6.0.0 through 6.19.0
Description The issue allows XSS if SAML POST Binding is enabled. This affects multiple Kantega SAML SSO OIDC Kerberos Single Sign-on apps for Atlassian products.
Recommendations Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server to version 6.20.0 or disable SAML POST Binding. Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server to version 6.20.0 or disable SAML POST Binding. Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server to version 6.20.0 or disable SAML POST Binding. Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server to version 6.20.0 or disable SAML POST Binding. Update Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server to version 6.20.0 or disable SAML POST Binding.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-52240

Produtos afetados

Bamboo
Bitbucket
Confluence
Jira
Kantega Saml Sso Oidc Kerberos Single Sign-On