22 matches found
GHSA-53HJ-R94P-8C8F Kanidm has non-constant-time comparison of OAuth2 client_secret
Summary: The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied client_secret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...
CVE-2026-46689
creationtimestamp | type | source
---|---|---
2026-04-30 02:48:09+00:00 | published-proof-of-concept | https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh...
openSUSE 15 Security Update : kanidm (openSUSE-SU-2025:0152-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0152-1 advisory. - Update to version 1.6.2git0.a20663ea8: Release 1.6.2 fix: clippy maint: typo in log message Set kid manually to prevent divergence Order keys in...
OPENSUSE-SU-2025:0152-1 Security update for kanidm
This update for kanidm fixes the following issues: - Update to version 1.6.2git0.a20663ea8: Release 1.6.2 fix: clippy maint: typo in log message Set kid manually to prevent divergence Order keys in application JWKS / Fix rotation bug Fix toml issues with strings - Update to version...
Security update for kanidm (moderate)
openSUSE Security Update: Security update for kanidm Announcement ID: openSUSE-SU-2025:0152-1 Rating: moderate References: 1242642 Cross-References: CVE-2025-3416 CVSS scores: CVE-2025-3416 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Affected Products: openSUSE...
kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media (moderate)
kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media Announcement ID: openSUSE-SU-2025:15060-1 Rating: moderate Cross-References: CVE-2025-3416 CVSS scores: CVE-2025-3416 SUSE : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-3416 SUSE : 6.3...
OPENSUSE-SU-2025:15060-1 kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media
These are all security issues fixed in the kanidm-1.6.0~git0.d7ae0f336-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...
kanidm-provision log information disclosure vulnerability
kanidm-provision is a small utility program from the individual developers at oddlama to help configure kanidm. A log information disclosure vulnerability exists in kanidm-provision versions prior to 1.2.0, which stems from a function error in the supplied kanidm patch that causes administrator...
openSUSE 15 Security Update : kanidm (openSUSE-SU-2024:0294-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0294-1 advisory. - kanidm version 1.3.3git0.f075d13: Release 1.3.3 Mail substr index 2981 Tenable has extracted the preceding description block directly from the...
OPENSUSE-SU-2024:0294-1 Security update for kanidm
This update for kanidm fixes the following issues: - kanidm version 1.3.3git0.f075d13: Release 1.3.3 Mail substr index 2981...
Security update for kanidm (moderate)
openSUSE Security Update: Security update for kanidm Announcement ID: openSUSE-SU-2024:0294-1 Rating: moderate References: 1191031 1194119 1196972 1210356 Cross-References: CVE-2021-45710 CVE-2022-24713 CVE-2023-26964 CVSS scores: CVE-2021-45710 SUSE: 3.3...
OPENSUSE-SU-2024:11941-1 kanidm-1.1.0~alpha7~git0.c8468199-2.1 on GA media
These are all security issues fixed in the kanidm-1.1.0~alpha7~git0.c8468199-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12859-1 kanidm-1.1.0~alpha11~git0.d3a2a6b-3.1 on GA media
These are all security issues fixed in the kanidm-1.1.0~alpha11~git0.d3a2a6b-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11711-1 kanidm-1.1.0~alpha7~git0.c8468199-1.1 on GA media
These are all security issues fixed in the kanidm-1.1.0~alpha7~git0.c8468199-1.1 package on the GA media of openSUSE Tumbleweed...
openSUSE: Security Advisory for kanidm (openSUSE-SU-2024:0095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
OPENSUSE-SU-2024:0095-1 Security update for kanidm
This update for kanidm fixes the following issues: Update to version 1.1.0rc16git6.e51d0de: SECURITY: LOW Administrator triggered thread crash in oauth2 claim maps 2686 2686 return consent map to service account 2604...
Security update for kanidm (moderate)
openSUSE Security Update: Security update for kanidm Announcement ID: openSUSE-SU-2024:0095-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP5 An update that contains security fixes can now be installed. Description: This update for kanidm fixes the following issues:...
openSUSE 15 Security Update : kanidm (openSUSE-SU-2024:0095-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0095-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.