522 matches found
FreeBSD : security/shibboleth-idp -- CAS service SSRF (7a7129ef-e790-11ee-a1c0-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7a7129ef-e790-11ee-a1c0-0050569f0b83 advisory. - Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring...
security/shibboleth-idp -- CAS service SSRF
Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring Framework to parse CAS service URLs and append the ticket parameter...
BIT-MOODLE-2021-20187
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...
BIT-MOODLE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin...
Moodle Session Hijack Vulnerability (MSA-21-0032)
Moodle is prone to a Session Hijack risk vulnerability when Shibboleth authentication is enabled. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
SUSE SLES12 Security Update : xmltooling (SUSE-SU-2023:2975-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2975-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery SSRF vulnerability bsc1212359. Tenable has extracted the preceding description block...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
openSUSE 15 Security Update : xmltooling (SUSE-SU-2023:2766-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:2766-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery SSRF vulnerability bsc1212359. Tenable has extracted the preceding description block directly from the...
SUSE CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
DEBIAN-CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
Server side request forgery (ssrf)
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
UBUNTU-CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
Shibboleth 代码问题漏洞
Shibboleth is an open source SAML protocol web single sign-on system for Windows based platforms from Shibboleth, UK. A security vulnerability exists in Shibboleth XMLTooling prior to version 3.2.4, which is caused by server-side request forgery SSRF via a specially crafted KeyInfo element...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
CVE-2023-36661 affects Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider. The underlying issue is a server-side request forgery (SSRF) via a crafted KeyInfo element in XML signatures. This yields unauthenticated SSRF risk with impact on availability (per CVE ...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...