6.1
CVE-2023-52240
- EPSS 0.5%
- Veröffentlicht 29.12.2023 22:15:37
- Zuletzt bearbeitet 21.11.2024 08:39:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformbamboo Version >= 4.4.2 < 4.14.9
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformbitbucket Version >= 4.4.2 < 4.14.9
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformconfluence Version >= 4.4.2 < 4.14.9
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformfecru Version >= 4.4.2 < 4.14.9
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformjira Version >= 4.4.2 < 4.14.9
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformbamboo Version >= 5.0.0 < 5.11.5
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformbitbucket Version >= 5.0.0 < 5.11.5
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformconfluence Version >= 5.0.0 < 5.11.5
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformjira Version >= 5.0.0 < 5.11.5
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformbamboo Version >= 6.0.0 < 6.20.0
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformbitbucket Version >= 6.0.0 < 6.20.0
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformconfluence Version >= 6.0.0 < 6.20.0
Kantega-sso ≫ Kantega Saml Sso Oidc Kerberos Single Sign-on SwPlatformjira Version >= 6.0.0 < 6.20.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.384 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+Vulnerability+HTML+injection+Cross-site+scripting+in+SAML+POST+binding+Kantega+SSO+Enterprise
https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-single-sign-on-for-jira?hosting=datacenter&tab=versions
https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-single-sign-on-for-confluence?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bitbucket?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bamboo?hosting=datacenter&tab=overview
https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-single-sign-on-for-fecru?hosting=server&tab=overview