28 matches found

OPENSUSE Linux
added 6 hours ago, 5 views

Security update for kanidm (moderate)

openSUSE Security Update: Security update for kanidm Announcement ID: openSUSE-SU-2025:0152-1 Rating: moderate References: 1242642 Cross-References: CVE-2025-3416 CVSS scores: CVE-2025-3416 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE...

6.3 CVSS | 7.7 AI score | 0.00093 EPSS
Exploits: 0 | References: 1

NVD
added 2 days ago, 4 views

CVE-2026-46689

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7 CVSS | 0.00042 EPSS
Exploits: 0 | References: 2

EUVD
added 2 days ago, 6 views

EUVD-2026-36133

Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...

8.7 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits: 0 | References: 2

CVE
added 2 days ago, 7 views

CVE-2026-46689

Kanidm vuln CVE-2026-46689: An unauthenticated GET to any /scim/v1/... endpoint with a crafted ?filter= (thousands of nested parentheses, ~4–12 KB) can exhaust the parser’s stack due to an unbounded depth in the SCIM filter grammar. This causes a stack overflow and std::process::abort(), terminat...

8.7 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits: 0 | References: 2

OPENSUSE Linux
added 2 days ago, 5 views

Security update for kanidm (critical)

openSUSE Security Update: Security update for kanidm Announcement ID: openSUSE-SU-2026:0198-1 Rating: critical References: Affected Products: openSUSE Backports SLE-15-SP6 An update that contains security fixes can now be installed. Description: This update for kanidm fixes the following issues: ...

5.8 AI score
Exploits: 0

OPENSUSE Linux
added 2026/06/05 12:0 a.m., 7 views

Security update for kanidm (critical)

openSUSE Security Update: Security update for kanidm Announcement ID: openSUSE-SU-2026:0192-1 Rating: critical References: Affected Products: openSUSE Backports SLE-15-SP7 An update that contains security fixes can now be installed. Description: This update for kanidm fixes the following issues: ...

5.8 AI score
Exploits: 0

OSV
added 2026/05/06 11:37 p.m., 1 views

GHSA-53HJ-R94P-8C8F Kanidm has non-constant-time comparison of OAuth2 client_secret

Summary: The kanidmd OAuth2 token-exchange (/oauth2/token) and token-introspection (/oauth2/token/introspect) endpoints compare the supplied client_secret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...

3.7 CVSS | 6 AI score
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-41980

Name of the Vulnerable Software and Affected Versions: Kanidm versions prior to 1.9.3. Description: An unauthenticated GET request to any /scim/v1/... endpoint using a ?filter= query string containing several thousand nested parentheses (approximately 4–12 KB) can cause a stack overflow. This occurs...

8.7 CVSS | 5.6 AI score | 0.00042 EPSS
Exploits: 0 | References: 4

Circl
added 2026/04/30 2:48 a.m., 5 views

CVE-2026-46689

creationtimestamp | type | source
---|---|---
2026-04-30 02:48:09+00:00 | published-proof-of-concept | https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh
2026-06-10 22:49:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnxsaqoled26...

8.7 CVSS | 5.3 AI score | 0.00042 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/13 12:0 a.m., 17 views

openSUSE 15 Security Update : kanidm (openSUSE-SU-2025:0152-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0152-1 advisory. - Update to version 1.6.2git0.a20663ea8: Release 1.6.2 fix: clippy maint: typo in log message Set kid manually to prevent divergence Order keys in...

3.7 CVSS | 5.3 AI score | 0.00093 EPSS
Exploits: 0 | References: 4

OSV
added 2025/05/12 4:1 p.m., 2 views

OPENSUSE-SU-2025:0152-1 Security update for kanidm

This update for kanidm fixes the following issues: - Update to version 1.6.2git0.a20663ea8: Release 1.6.2 fix: clippy maint: typo in log message Set kid manually to prevent divergence Order keys in application JWKS / Fix rotation bug Fix toml issues with strings - Update to version...

3.7 CVSS | 6 AI score | 0.00093 EPSS
Exploits: 0 | References: 3

OPENSUSE Linux
added 2025/05/08 12:0 a.m., 4 views

kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media (moderate)

kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media Announcement ID: openSUSE-SU-2025:15060-1 Rating: moderate Cross-References: CVE-2025-3416 CVSS scores: CVE-2025-3416 SUSE: 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-3416 SUSE: 6.3...

6.3 CVSS | 7.2 AI score | 0.00093 EPSS
Exploits: 0

OSV
added 2025/05/07 12:0 a.m., 2 views

OPENSUSE-SU-2025:15060-1 kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media

These are all security issues fixed in the kanidm-1.6.0~git0.d7ae0f336-1.1 package on the GA media of openSUSE Tumbleweed...

3.7 CVSS | 5.8 AI score | 0.00093 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/03/24 4:47 p.m., 8 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...

7.6 CVSS | 0.00138 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/03/24 4:47 p.m., 8 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...

7.6 CVSS | 7 AI score | 0.00138 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/03/24 12:0 a.m., 2 views

kanidm-provision log information disclosure vulnerability

kanidm-provision is a small utility program from the individual developers at oddlama to help configure kanidm. A log information disclosure vulnerability exists in kanidm-provision versions prior to 1.2.0, which stems from a function error in the supplied kanidm patch that causes administrator...

7.6 CVSS | 6.1 AI score | 0.00138 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2024/09/10 12:0 a.m., 27 views

openSUSE 15 Security Update : kanidm (openSUSE-SU-2024:0294-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0294-1 advisory. - kanidm version 1.3.3git0.f075d13: Release 1.3.3 Mail substr index 2981 Tenable has extracted the preceding description block directly from the...

8.1 CVSS | 8.3 AI score | 0.10404 EPSS
Exploits: 2 | References: 11

OSV
added 2024/09/09 12:4 p.m., 12 views

OPENSUSE-SU-2024:0294-1 Security update for kanidm

This update for kanidm fixes the following issues: - kanidm version 1.3.3git0.f075d13: Release 1.3.3 Mail substr index 2981...

8.1 CVSS | 8 AI score | 0.10404 EPSS
Exploits: 2 | References: 8

OPENSUSE Linux
added 2024/09/09 12:0 a.m., 5 views

Security update for kanidm (moderate)

openSUSE Security Update: Security update for kanidm Announcement ID: openSUSE-SU-2024:0294-1 Rating: moderate References: 1191031 1194119 1196972 1210356 Cross-References: CVE-2021-45710 CVE-2022-24713 CVE-2023-26964 CVSS scores: CVE-2021-45710 SUSE: 3.3...

4.7 CVSS | 9.8 AI score | 0.10404 EPSS
Exploits: 2 | References: 4

OSV
added 2024/06/15 12:0 a.m., 12 views

OPENSUSE-SU-2024:11941-1 kanidm-1.1.0~alpha7~git0.c8468199-2.1 on GA media

These are all security issues fixed in the kanidm-1.1.0~alpha7~git0.c8468199-2.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 7.8 AI score | 0.10404 EPSS
Exploits: 1 | References: 1