CVE-2024-1524

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. (affected versions not specified)

Description When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), a local user store user’s information may be replaced during the account provisioning process if federated users share the same username as local users. This could occur if a malicious actor associates a targeted local user account with a federated IDP user account that they control, requiring a fresh valid user account in the federated IDP, knowledge of a valid local user's username, and an account at the federated IDP matching the targeted local username.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.