6 matches found
EUVD-2024-55648
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
CVE-2024-1248
The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IDP, effectively enablin...
CVE-2024-1524
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
CVE-2024-1524
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
CVE-2024-1524
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...