EUVD-2020-12575
Malware in sbrugna...
EUVD-2017-0105
Malware in sbrugna...
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...
Ipsilon denial of service via a duplicate SP name
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...
Moderate: mod_auth_mellon security update
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fixes: mod_auth_mellon: Open Redirect vulnerability in logo...
ALSA-2022:1934 Moderate: mod_auth_mellon security update
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fixes: mod_auth_mellon: Open Redirect vulnerability in logo...
[SECURITY] Fedora 34 Update: mod_auth_mellon-0.18.0-1.fc34
The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by an IdP server...
[SECURITY] Fedora 35 Update: mod_auth_mellon-0.18.0-1.fc35
The mod_auth_mellon module is an authentication service that implements the SAML 2.0 federation protocol. It grants access based on the attributes received in assertions generated by an IdP server...
Virtuozzo 7 : mod_auth_mellon / mod_auth_mellon-diagnostics (VZLSA-2019-0766)
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 8 : mod_auth_mellon (RHSA-2020:1660)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1660 advisory. The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...
CVE-2020-1727
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious user to craft deep links that introduce further attack scenarios on affected clients...
Input validation
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious user to craft deep links that introduce further attack scenarios on affected clients...
CVE-2020-1727
CVE-2020-1727 affects Keycloak prior to 9.0.2. Description in connected Red Hat advisories confirms a missing input validation in IDP authorization URLs, enabling crafting of deep links that may enable further attack scenarios. Mitigation is to apply the referenced security update (e.g., Red Hat ...
Lack Of Input Validation
Keycloak does not perform adequate input validation. The Authorization URL pointing to an IDP server does not perform proper input validation, allowing an attacker to craft malicious links that can be used to exploit other vulnerabilities within the application...
CVE-2020-1727
A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious user to craft deep links that introduce further attack scenarios on affected clients...
Moderate: Red Hat Security Advisory: mod_auth_mellon security and bug fix update
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
mod_auth_mellon security update
CentOS Errata and Security Advisory CESA-2020:1003 An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CVE-2015-5216
The CVE-2015-5216 entry affects Ipsilon IdP server versions 0.1.0 through 1.0.0. Root cause: improper escaping of characters in a Python exception-message template, enabling remote XSS via an HTTP response. Connected sources (e.g., PT-2020-7857) corroborate the same issue and specify the affected...