46 matches found

RedhatCVE (added yesterday)

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4...

CVSS 5.4 | AI score 5.5 | EPSS 0.00011 | Exploits 1 | References 1
Packet Storm (added 2026/04/15 12:00 a.m.)

Kiuwan SAST 2.8.2412.0 Improper Enforcement

It was found that a user is still able to log in to the Kiuwan WebUI via SSO even if the mapped Kiuwan account has been disabled in the user settings by an admin. This issue has been addressed in version 2.8.2509.4. SEC Consult Vulnerability Lab Security Advisory...

CVSS 5.4 | AI score 5.7 | EPSS 0.00011 | Exploits 1
NVD (added 2026/04/14 12:16 p.m.)

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4...

CVSS 5.4 | EPSS 0.00011 | Exploits 1 | References 2
ATTACKERKB (added 2026/04/14 11:26 a.m.)

CVE-2026-24069

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4...

AI score 5.8 | EPSS 0.00011 | Exploits 1 | References 2 | Affected Software 1
Vulnrichment (added 2026/04/14 11:26 a.m.)

CVE-2026-24069: Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4...

AI score 5.8 | EPSS 0.00011 | Exploits 1 | References 1
CVE (added 2026/04/14 11:26 a.m.)

CVE-2026-24069

CVE-2026-24069: Kiuwan SAST and Kiuwan Cloud improperly authorize SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Affected: Kiuwan Cloud and Kiuwan SAST on-premise (KOP) prior to version 2.8.2509.4. Root cause: improper enforce...

CVSS 5.4 | AI score 5.8 | EPSS 0.00011 | Exploits 1 | References 2
Cvelist (added 2026/04/14 11:26 a.m.)

CVE-2026-24069: Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4...

EPSS 0.00011 | Exploits 1 | References 1
Positive Technologies (added 2026/04/14 12:00 a.m.)

PT-2026-32619

Name of the vulnerable software and affected versions: Kiuwan Cloud (affected versions not specified); Kiuwan SAST on-premise (KOP) versions prior to 2.8.2509.4. Description: Kiuwan SAST improperly authorizes SSO logins for mapped user accounts that have been locally disabled. This allows users whose...

CVSS 5.4 | AI score 5.8 | EPSS 0.00011 | Exploits 1 | References 5
CNNVD (added 2026/04/14 12:00 a.m.)

Kiuwan SAST security vulnerability

Kiuwan SAST is a static application security analysis platform developed by Kiuwan Corporation. Versions of Kiuwan SAST prior to 2.8.2509.4 contain a security vulnerability that stems from improper authorization of SSO logins for locally disabled mapped user...

CVSS 5.4 | AI score 5.9 | EPSS 0.00011 | Exploits 1 | References 2
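The entries above all describe the same flaw: the identity provider authenticates the user, the application maps the asserted subject to a local account, and nobody re-checks whether that local account is still enabled. The Python below is an added example written for this page, not Kiuwan code; the `User` model, the `sso_subject` mapping field and the function names are hypothetical, and the user directory is constructed sample data. It shows the flawed pattern next to the fix and a regression check an operator can run after upgrading.

```python
"""SSO login that must honour a locally disabled mapped account.

Added example, not Kiuwan code. The data model (User with a `disabled`
flag mapped to an IdP subject via `sso_subject`) and the function names
are hypothetical; the behaviour mirrors the flaw described above: the IdP
says "authenticated", the application never re-reads the local account
state, so an admin's "disable" has no effect on SSO users.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class User:
    username: str
    sso_subject: str      # subject (SAML NameID / OIDC sub) asserted by the IdP
    disabled: bool = False


# Constructed sample directory standing in for the application's user table.
USERS = {
    "alice": User("alice", "alice@idp.example"),
    "bob": User("bob", "bob@idp.example", disabled=True),   # disabled by an admin
}


def map_subject(subject: str) -> Optional[User]:
    """Find the local account mapped to an IdP subject (exact match)."""
    for user in USERS.values():
        if user.sso_subject == subject:
            return user
    return None


def sso_login_vulnerable(asserted_subject: str) -> Optional[str]:
    """Flawed pattern: trusts the IdP and only checks that a mapping exists.

    Disabling the mapped account has no effect because `disabled` is never read.
    """
    user = map_subject(asserted_subject)
    if user is None:
        return None
    return f"session-for-{user.username}"


def sso_login_fixed(asserted_subject: str) -> Optional[str]:
    """Hardened: the local account state is authoritative for authorization.

    The IdP proves identity; whether that identity may use this application is
    the application's decision and is evaluated on every login, not only when
    the mapping was created.
    """
    user = map_subject(asserted_subject)
    if user is None or user.disabled:
        return None
    return f"session-for-{user.username}"


def disabled_accounts_enforced(login_fn: Callable[[str], Optional[str]]) -> bool:
    """Regression check: no disabled account may obtain a session via `login_fn`."""
    return all(login_fn(u.sso_subject) is None
               for u in USERS.values() if u.disabled)
```

Disabling an account should also terminate its existing sessions; the check above only closes the login path, which is the part the advisories describe.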
RedhatCVE (added 2026/01/09 12:36 p.m.)

CVE-2023-49113

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text. In some cases this can compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

CVSS 7.8 | AI score 6.9 | EPSS 0.00031 | Exploits 1 | References 1
RedhatCVE (added 2026/01/09 12:36 p.m.)

CVE-2023-49110

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or the cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in XML format. During Kiuwan's server-side processing of these XML...

CVSS 7.2 | AI score 7.6 | EPSS 0.00111 | Exploits 1 | References 1
EUVD (added 2025/10/07 12:30 a.m.)

EUVD-2021-1292

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00168 | Exploits 0 | References 6
RedhatCVE (added 2025/05/23 4:24 a.m.)

CVE-2023-49112

Kiuwan provides an API endpoint, /saas/rest/v1/info/application, to get information about any application by providing only its name via the "application" parameter. This endpoint lacks proper access control, allowing other authenticated users to read information about applications, even...

CVSS 6.5 | AI score 6.3 | EPSS 0.00127 | Exploits 1
RedhatCVE (added 2025/05/22 6:19 p.m.)

CVE-2021-21666

Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability...

CVSS 6.1 | AI score 5.8 | EPSS 0.00168 | Exploits 0 | References 1
NVD (added 2024/06/20 1:15 p.m.)

CVE-2023-49113

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text. In some cases this can compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

CVSS 7.8 | EPSS 0.00031 | Exploits 1 | References 3
NVD (added 2024/06/20 1:15 p.m.)

CVE-2023-49111

For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible because the value of the request parameter "message" is included directly in a JavaScript block in the response. This is...

CVSS 6.5 | EPSS 0.00296 | Exploits 1 | References 3
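The two reflected XSS entries on this page (the Jenkins Kiuwan Plugin error message, CVE-2021-21666, and the "message" parameter on login.html, CVE-2023-49111) differ in output context, and the context decides which encoding is correct. The Python below is an added example, not code from Kiuwan or the Jenkins plugin; the render functions are hypothetical stand-ins for the two response fragments and the payloads are constructed. It shows that `json.dumps` alone is not enough inside a `<script>` block, because a `</script>` sequence inside the string literal still closes the element.

```python
"""Reflected XSS through a request parameter echoed into the response.

Added example, not Kiuwan or Jenkins plugin code. Two output contexts are
shown: a value written into a JavaScript block (like the "message" parameter
on a login page) and a value written into an HTML error message (like a
form-validation endpoint). Render functions are hypothetical; payloads are
constructed.
"""
import html
import json

# Constructed payloads: the first breaks out of a JS string literal, the second
# closes the surrounding <script> element, which json.dumps alone does not stop.
JS_BREAKOUT = '";alert(document.domain);//'
SCRIPT_CLOSE = '</script><script>alert(1)</script>'
HTML_BREAKOUT = '<img src=x onerror=alert(1)>'


def render_js_vulnerable(message: str) -> str:
    """Parameter concatenated straight into a script block."""
    return f'<script>var message = "{message}"; showBanner(message);</script>'


def js_string_literal(value: str) -> str:
    """Encode `value` as a JS string literal that is safe inside a <script> block.

    json.dumps handles quotes, backslashes and control characters; the extra
    replacements neutralise `</script>` and HTML comment/entity tricks, which
    the HTML parser still acts on inside a script element.
    """
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_js_fixed(message: str) -> str:
    """Same fragment with the parameter emitted as an encoded JS literal."""
    return (f'<script>var message = {js_string_literal(message)}; '
            f'showBanner(message);</script>')


def render_html_vulnerable(query_value: str) -> str:
    """Form-validation error message echoing the query parameter unescaped."""
    return f'<div class="error">Invalid value: {query_value}</div>'


def render_html_fixed(query_value: str) -> str:
    """HTML entity encoding; quote=True also covers attribute-value contexts."""
    return f'<div class="error">Invalid value: {html.escape(query_value, quote=True)}</div>'


def unescaped_double_quotes(rendered: str) -> int:
    """Count '"' characters not preceded by a backslash.

    A script block holding exactly one string literal has two; any more means
    the attacker terminated the literal and is writing JavaScript.
    """
    return sum(1 for i, ch in enumerate(rendered)
               if ch == '"' and (i == 0 or rendered[i - 1] != "\\"))
```

A Content-Security-Policy that forbids inline script would also stop both payloads, but it is a second layer, not a substitute for encoding in the right context.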
NVD (added 2024/06/20 1:15 p.m.)

CVE-2023-49110

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application (either on-premises or the cloud/SaaS solution), the transmitted data consists of a ZIP archive containing several files, some of them in XML format. During Kiuwan's server-side processing of these XML...

CVSS 7.2 | EPSS 0.00111 | Exploits 1 | References 3
NVD (added 2024/06/20 1:15 p.m.)

CVE-2023-49112

Kiuwan provides an API endpoint, /saas/rest/v1/info/application, to get information about any application by providing only its name via the "application" parameter. This endpoint lacks proper access control, allowing other authenticated users to read information about applications, even...

CVSS 6.5 | EPSS 0.00127 | Exploits 1 | References 3
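The CVE-2023-49112 entries describe a missing object-level authorization check: the caller is authenticated, but nothing ties the caller to the application whose name is supplied. The Python below is an added example, not Kiuwan code; the handler names, the `Application` model with a `members` set, and the sample applications are hypothetical and constructed. The fixed handler returns the same error for "does not exist" and "not yours" so that the endpoint cannot be used to enumerate application names either.

```python
"""Object-level authorization for an "application info" API endpoint.

Added example, not Kiuwan code. The endpoint described above takes an
application *name* and returns its details to any authenticated user; the
hypothetical handlers below show the missing check and one way to add it.
Users, applications and memberships are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


class Forbidden(Exception):
    """Caller is authenticated but not authorized for the requested object."""


@dataclass
class Application:
    name: str
    owner_account: str
    members: Set[str] = field(default_factory=set)
    details: Dict[str, object] = field(default_factory=dict)


APPLICATIONS = {
    "payments-api": Application("payments-api", "acme", {"alice"},
                                {"loc": 120_000, "languages": ["java"]}),
    "hr-portal": Application("hr-portal", "globex", {"carol"},
                             {"loc": 40_000, "languages": ["python"]}),
}


def info_application_vulnerable(caller: str, application: str) -> Dict[str, object]:
    """Authenticated caller only; any application is readable if its name is known.

    `caller` is accepted but never consulted, which is the whole bug.
    """
    app = APPLICATIONS.get(application)
    if app is None:
        raise KeyError(application)
    return app.details


def info_application_fixed(caller: str, application: str) -> Dict[str, object]:
    """Authorization keyed on the object: caller must be a member of the application.

    Unknown and unauthorized names raise the same error, so the endpoint does
    not confirm which application names exist.
    """
    app = APPLICATIONS.get(application)
    if app is None or caller not in app.members:
        raise Forbidden("application not found or access denied")
    return app.details


def caller_can_read(handler: Callable[[str, str], Dict[str, object]],
                    caller: str, application: str) -> bool:
    """Test helper: True if `handler` discloses the application to `caller`."""
    try:
        handler(caller, application)
        return True
    except (KeyError, Forbidden):
        return False
```

Under the fixed handler an authorization test becomes a two-line assertion per (caller, object) pair, which is the check to add to the API test suite after the fix.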
Vulnrichment (added 2024/06/20 12:39 p.m.)

CVE-2023-49113: Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text. In some cases this can compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

AI score 7 | EPSS 0.00031 | Exploits 1 | References 2
Cvelist (added 2024/06/20 12:39 p.m.)

CVE-2023-49113: Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer

The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text. In some cases this can compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer. The JAR file...

EPSS 0.00031 | Exploits 1 | References 2
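The CVE-2023-49113 entries report credentials found inside the analyzer's JAR files. A JAR is a ZIP archive, so the kind of review that finds them is a pass over every entry with a few credential patterns, including class files, where string constants survive intact. The Python below is an added example written for this page; it is not Kiuwan code and the archive it scans is constructed in memory with fake values, not the real KLA contents. The pattern set is a starting point to tune per code base.

```python
"""Scan a JAR for hard-coded credentials.

Added example, not Kiuwan code and not the real KLA contents. A JAR is a ZIP
archive, so the scan opens every entry, decodes it losslessly and matches a
few credential patterns. The archive below is constructed in memory with a
properties file and a class-like binary blob so the example runs offline.
"""
import io
import re
import zipfile
from typing import List, Tuple

# Patterns a first-pass review would flag; tune for the code base under review.
SECRET_PATTERNS = {
    "password assignment": re.compile(r"(?i)(password|passwd|pwd)\s*[=:]\s*\S+"),
    "api key": re.compile(r"(?i)(api[_-]?key|secret[_-]?key)\s*[=:]\s*\S+"),
    "aws access key id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "basic auth in url": re.compile(r"(?i)https?://[^/\s:]+:[^/\s@]+@"),
}


def build_sample_jar() -> bytes:
    """Constructed JAR with two planted secrets; all values are fake."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("config/analyzer.properties",
                     "server.url=https://example.invalid\n"
                     "upload.password=Sup3rS3cret!\n")
        # Class files are binary, but string constants survive a latin-1 decode.
        jar.writestr("com/example/Uploader.class",
                     b"\xca\xfe\xba\xbe\x00\x00\x00\x34" + b"\x00" * 8 +
                     b"https://svc:Tr0ub4dor@upload.example.invalid/api" + b"\x00" * 4)
    return buf.getvalue()


def scan_jar(jar_bytes: bytes) -> List[Tuple[str, str, str]]:
    """Return (entry name, pattern label, matched text) for every hit."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            # latin-1 maps every byte to one code point, so binary entries
            # decode without errors and ASCII string constants stay searchable.
            text = jar.read(info.filename).decode("latin-1")
            for label, pattern in SECRET_PATTERNS.items():
                for match in pattern.finditer(text):
                    hits.append((info.filename, label, match.group(0)))
    return hits


def entries_with_secrets(jar_bytes: bytes) -> List[str]:
    """Sorted, de-duplicated list of entry names that contain at least one hit."""
    return sorted({name for name, _, _ in scan_jar(jar_bytes)})
```

Run `scan_jar` over the real archive's bytes (`open(path, "rb").read()`) and review each hit by hand; regex scanners produce false positives, and a credential that is present in a shipped JAR should be treated as disclosed and rotated regardless of how hard it is to reach.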