PT-2020-10151 · Abacus · Abacus Oauth Login

Ville Koch · Published 2020-03-11 · Updated 2020-03-20 · CVE-2019-19381

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Abacus OAuth Login, versions from 2019 01 r4 20191021 0000 up to, but not including, R4 (20.11.2019 Hotfix)

Description: The issue allows Reflected Cross-Site Scripting (XSS) via an error message returned by the "oauth/oauth2/v1/saml/" endpoint.

Recommendations: For versions from 2019 01 r4 20191021 0000 up to, but not including, R4 (20.11.2019 Hotfix), update to a version after R4 (20.11.2019 Hotfix) to resolve the issue. As a temporary workaround, consider restricting access to the "oauth/oauth2/v1/saml/" endpoint until a patch is available.


Related Identifiers: CVE-2019-19381

Affected Products: Abacus Oauth Login