Lucene search
K

17 matches found

NVD
NVD
added 2026/07/04 9:17 p.m.11 views

CVE-2024-1248

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

5.3CVSS0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/04 8:38 p.m.7 views

CVE-2024-1248

The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...

4.8CVSS5.9AI score0.00191EPSS
Exploits0References2Affected Software5
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.14 views

PT-2026-55730

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation. When...

5.3CVSS5.9AI score0.00191EPSS
Exploits0References7
OSV
OSV
added 2026/02/24 9:16 a.m.5 views

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

8.1CVSS5.7AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 8:51 a.m.5 views

CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

7.7CVSS5.2AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.8 views

CVE-2022-23721

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.8CVSS6.9AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.6 views

CVE-2020-7245

Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...

9.8CVSS7.2AI score0.01166EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-28657

Malicious code in bioql PyPI...

3.8CVSS4.7AI score0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/10 6:0 p.m.22 views

CVE-2024-53245 Information Disclosure due to Username Collision with a Role that has the same Name as the User

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard...

3.1CVSS6.9AI score0.00356EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/10 6:0 p.m.19 views

CVE-2024-53245 Information Disclosure due to Username Collision with a Role that has the same Name as the User

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard...

3.1CVSS0.00356EPSS
Exploits0References1
OSV
OSV
added 2023/04/25 7:15 p.m.3 views

CVE-2022-23721

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.3CVSS5.8AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2023/04/25 7:15 p.m.14 views

CVE-2022-23721

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.8CVSS4.2AI score0.00218EPSS
Exploits0References1
Prion
Prion
added 2023/04/25 7:15 p.m.16 views

Design/Logic Flaw

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

1.7CVSS4.2AI score0.00218EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.10 views

CVE-2022-23721 PingID integration for Windows login duplicate username collision.

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.8CVSS6.9AI score0.00218EPSS
Exploits0References1
CVE
CVE
added 2023/04/25 12:0 a.m.39 views

CVE-2022-23721

CVE-2022-23721 affects PingID integration for Windows login prior to version 2.9. The issue arises because the component does not handle duplicate usernames, enabling a username collision when two users with the same username are provisioned on the same machine at different times. Impact is descr...

3.8CVSS3.9AI score0.00218EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.23 views

CVE-2022-23721 PingID integration for Windows login duplicate username collision.

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

3.8CVSS4.6AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/26 12:0 a.m.3 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak suffers from a security vulnerability that originates from an attacker being able to register with a username that is the same...

5.3CVSS6.9AI score0.01843EPSS
Exploits1References4
Rows per page
Query Builder