August Heltne

#43926 of 53,635
6.1 Total CVSS
Vulnerabilities · 1
PT-2023-31942
6.1
2023-12-29
Atlassian · Bitbucket · CVE-2023-52240
**Name of the Vulnerable Software and Affected Versions**

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server:
- versions 4.4.2 through 4.14.8
- versions 5.0.0 through 5.11.4
- versions 6.0.0 through 6.19.0

Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server:
- versions 4.4.2 through 4.14.8
- versions 5.0.0 through 5.11.4
- versions 6.0.0 through 6.19.0

Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server:
- versions 4.4.2 through 4.14.8
- versions 5.0.0 through 5.11.4
- versions 6.0.0 through 6.19.0

Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server:
- versions 4.4.2 through 4.14.8
- versions 5.0.0 through 5.11.4
- versions 6.0.0 through 6.19.0

Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server:
- versions 4.4.2 through 4.14.8
- versions 5.0.0 through 5.11.4
- versions 6.0.0 through 6.19.0

**Description**

The issue allows cross-site scripting (XSS) if SAML POST Binding is enabled. This affects multiple Kantega SAML SSO OIDC Kerberos Single Sign-on apps for Atlassian products.

**Recommendations**

- Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server to version 6.20.0, or disable SAML POST Binding.
- Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server to version 6.20.0, or disable SAML POST Binding.
- Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server to version 6.20.0, or disable SAML POST Binding.
- Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server to version 6.20.0, or disable SAML POST Binding.
- Update Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server to version 6.20.0, or disable SAML POST Binding.