CVE-2026-45108
- EPSS 0.25%
- Published 27.05.2026 18:53:29
- Last modified 01.06.2026 18:31:49
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user withi...
- EPSS 0.16%
- Published 01.04.2026 17:25:06
- Last modified 15.04.2026 17:14:04
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collisi...
CVE-2026-31979
- EPSS 0.2%
- Published 11.03.2026 19:47:05
- Last modified 16.03.2026 18:18:34
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_<uid> without symlink protections. Since commit 87...
- EPSS 0.5%
- Published 11.03.2026 19:25:21
- Last modified 16.03.2026 19:39:37
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelbla...
CVE-2025-54882
- EPSS 0.2%
- Published 07.08.2025 00:02:09
- Last modified 09.10.2025 17:36:51
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created creden...