Lucene search
+L

522 matches found

nessus
nessus
added 2024/03/22 12:0 a.m.11 views

FreeBSD : security/shibboleth-idp -- CAS service SSRF (7a7129ef-e790-11ee-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7a7129ef-e790-11ee-a1c0-0050569f0b83 advisory. - Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring...

5.6AI score
Exploits0References2
freebsd
freebsd
added 2024/03/20 12:0 a.m.11 views

security/shibboleth-idp -- CAS service SSRF

Shibboleth Developers report: The Identity Provider's CAS support relies on a function in the Spring Framework to parse CAS service URLs and append the ticket parameter...

7.2AI score
Exploits0References1
osv
osv
added 2024/03/06 11:11 a.m.28 views

BIT-MOODLE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

7.2CVSS7.1AI score0.01572EPSS
Exploits0References2
osv
osv
added 2024/03/06 11:9 a.m.21 views

BIT-MOODLE-2021-36394

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin...

9.8CVSS9.7AI score0.07034EPSS
Exploits2References2
openvas
openvas
added 2023/08/16 12:0 a.m.16 views

Moodle Session Hijack Vulnerability (MSA-21-0032)

Moodle is prone to a Session Hijack risk vulnerability when Shibboleth authentication is enabled. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

6.5CVSS4.8AI score0.00901EPSS
Exploits0References5
nessus
nessus
added 2023/07/27 12:0 a.m.22 views

SUSE SLES12 Security Update : xmltooling (SUSE-SU-2023:2975-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2975-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery SSRF vulnerability bsc1212359. Tenable has extracted the preceding description block...

7.5CVSS7.5AI score0.03055EPSS
Exploits3References4
redhatcve
redhatcve
added 2023/07/24 11:17 p.m.48 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS6.7AI score0.03055EPSS
Exploits3References3
nessus
nessus
added 2023/07/04 12:0 a.m.24 views

openSUSE 15 Security Update : xmltooling (SUSE-SU-2023:2766-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:2766-1 advisory. - CVE-2023-36661: Fixed a server-side-request-forgery SSRF vulnerability bsc1212359. Tenable has extracted the preceding description block directly from the...

7.5CVSS7.5AI score0.03055EPSS
Exploits3References4
susecve
susecve
added 2023/06/27 1:25 a.m.3 views

SUSE CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

5.4CVSS6.8AI score0.03055EPSS
Exploits3References6
nvd
nvd
added 2023/06/25 10:15 p.m.52 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS7.3AI score0.03055EPSS
Exploits3References2
osv
osv
added 2023/06/25 10:15 p.m.11 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS7.3AI score
Exploits0References2
osv
osv
added 2023/06/25 10:15 p.m.1 views

DEBIAN-CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS8.4AI score0.03055EPSS
Exploits3References1
prion
prion
added 2023/06/25 10:15 p.m.36 views

Server side request forgery (ssrf)

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

5CVSS7.2AI score0.03055EPSS
Exploits3References2Affected Software2
osv
osv
added 2023/06/25 10:15 p.m.9 views

UBUNTU-CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS5.8AI score0.03055EPSS
Exploits3References5
ubuntucve
ubuntucve
added 2023/06/25 10:15 p.m.34 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS7.3AI score0.03055EPSS
Exploits3References4
vulnrichment
vulnrichment
added 2023/06/25 12:0 a.m.12 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

6.7AI score0.03055EPSS
Exploits3References2
cnnvd
cnnvd
added 2023/06/25 12:0 a.m.7 views

Shibboleth 代码问题漏洞

Shibboleth is an open source SAML protocol web single sign-on system for Windows based platforms from Shibboleth, UK. A security vulnerability exists in Shibboleth XMLTooling prior to version 3.2.4, which is caused by server-side request forgery SSRF via a specially crafted KeyInfo element...

7.5CVSS8.3AI score0.03055EPSS
Exploits3References5
cvelist
cvelist
added 2023/06/25 12:0 a.m.50 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5AI score0.03055EPSS
Exploits3References2
cve
cve
added 2023/06/25 12:0 a.m.181 views

CVE-2023-36661

CVE-2023-36661 affects Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider. The underlying issue is a server-side request forgery (SSRF) via a crafted KeyInfo element in XML signatures. This yields unauthenticated SSRF risk with impact on availability (per CVE ...

7.5CVSS7.2AI score0.03055EPSS
In wildExploits3References2Affected Software1
debiancve
debiancve
added 2023/06/25 12:0 a.m.37 views

CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS6.7AI score0.03055EPSS
Exploits3
Rows per page
Query Builder