PT-2023-31942 · Atlassian+1 · Bitbucket+4
August Heltne
+1
·
Published
2023-12-29
·
Updated
2024-01-08
·
CVE-2023-52240
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8
Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4
Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 6.0.0 through 6.19.0
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server versions 4.4.2 through 4.14.8
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server versions 5.0.0 through 5.11.4
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server versions 6.0.0 through 6.19.0
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server versions 4.4.2 through 4.14.8
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server versions 5.0.0 through 5.11.4
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server versions 6.0.0 through 6.19.0
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server versions 4.4.2 through 4.14.8
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server versions 5.0.0 through 5.11.4
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server versions 6.0.0 through 6.19.0
Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server versions 4.4.2 through 4.14.8
Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server versions 5.0.0 through 5.11.4
Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server versions 6.0.0 through 6.19.0
Description
The issue allows XSS if SAML POST Binding is enabled. This affects multiple Kantega SAML SSO OIDC Kerberos Single Sign-on apps for Atlassian products.
Recommendations
Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server to version 6.20.0 or disable SAML POST Binding.
Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server to version 6.20.0 or disable SAML POST Binding.
Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server to version 6.20.0 or disable SAML POST Binding.
Update Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server to version 6.20.0 or disable SAML POST Binding.
Update Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server to version 6.20.0 or disable SAML POST Binding.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bamboo
Bitbucket
Confluence
Jira
Kantega Saml Sso Oidc Kerberos Single Sign-On