PT-2015-6803 · Red Hat · Ipsilon
Patrick Uiterwijk
·
Published
2015-11-17
·
Updated
2022-05-17
·
CVE-2015-5217
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Ipsilon versions 0.1.0 through 1.0.0
Description
The issue is related to the Identity Provider (IdP) server, where the
providers/saml2/admin.py file does not properly check permissions to update the SAML2 Service Provider (SP) owner. This allows remote authenticated users to cause a denial of service via a duplicate SP name.Recommendations
For Ipsilon versions 0.1.0 through 1.0.0, update to version 1.0.1 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ipsilon