12 matches found
CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
EUVD-2023-3194
Malicious code in bioql PyPI...
CVE-2023-6837
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...
Multiple WSO2 products vulnerable to perform user impersonation using JIT provisioning
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...
GHSA-F6JM-9PR8-9C3W Multiple WSO2 products vulnerable to perform user impersonation using JIT provisioning
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...
CVE-2023-6837
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...
CVE-2023-6837
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...
Authentication flaw
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...
CVE-2023-6837
CVE-2023-6837 concerns multiple WSO2 products where, under specific federated authentication and JIT provisioning configurations, an attacker could impersonate another user. The vulnerable setup requires: (1) an IDP configured for federated authentication with JIT provisioning enabled and the pro...
CVE-2023-6837 Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation
Multiple WSO2 products have been identified as vulnerable to perform user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...
PT-2023-32785 · Wso2 · Wso2
Name of the Vulnerable Software and Affected Versions: WSO2 products affected versions not specified Description: The issue allows a malicious actor to perform user impersonation using JIT provisioning under specific conditions. These conditions include an IDP configured for federated...
HackerOne: Accidental Access to Programs Information via SAML Login
On November 8th, 2018, HackerOne released software to production that contained a bug which impacted our Security Assertion Markup Language (SAML) authentication system. As a result of the bug, the SAML JIT (Just-In-Time) provisioning mechanism granted users of one customer program read-only access t...