5 matches found
CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
Insufficient Granularity of Access Control
Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control inadequate authorization checks in the POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE /api/agents/:id/keys/:keyId routes. An attacker can gain unauthorized access to sensitive...
PT-2013-4910 · Openstack · Openstack Identity
Name of the Vulnerable Software and Affected Versions: OpenStack Identity Keystone versions Folsom through Havana before havana-3 OpenStack Identity Keystone version Grizzly 2013.1.3 and earlier Description: The issue allows remote authenticated users to retain access via a token when a tenant is...
CVE-2013-4222
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...