Lucene search
K

9 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2024-55648

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2024-1248

The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IDP, effectively enablin...

4.8CVSS5.9AI score
Exploits0References1
CVE
CVE
added 2026/06/02 8:30 p.m.27 views

CVE-2026-47201

The CVE-2026-47201 entry affects authentik’s SAML Source ACS endpoint, where XML Signature Wrapping can allow an attacker with any upstream-IdP account to authenticate as a different federated user. The issue arises during validation of upstream SAML responses and has been patched in authentik ve...

8.5CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/24 9:16 a.m.4 views

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

8.1CVSS5.7AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 9:16 a.m.8 views

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

8.1CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 8:51 a.m.5 views

CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

7.7CVSS5.2AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.8 views

PT-2026-21674

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP, a local user store user’s information may be replaced duri...

7.7CVSS5.9AI score0.00261EPSS
Exploits0References7
Cent OS
Cent OS
added 2019/08/30 3:9 a.m.77 views

keycloak, python2 security update

CentOS Errata and Security Advisory CESA-2019:2137 An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a...

7.8CVSS6.6AI score0.00386EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/08/30 12:0 a.m.32 views

CentOS 7 : keycloak-httpd-client-install (CESA-2019:2137)

An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.3AI score0.00386EPSS
Exploits0References3
Rows per page
Query Builder