CVE-2023-52240

Vulnerability description

In Atlassian products, the Kantega SAML SSO OIDC Kerberos Single Sign-on app before version 6.20.0 allows cross-site scripting (XSS) if the SAML POST binding is enabled. Affected versions are 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full names of the affected products are:

– Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise)
– Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise)
– Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise)
– Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise)
– Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise) (Here, "FeCru" refers to the Atlassian Fisheye and Crucible products running together.)
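An added example, not part of the advisory or of Kantega's own code: a small Python check that maps an installed app version to the affected ranges above and reports which fixed release closes the issue. It assumes each range is read as "first affected version up to, but not including, the fixed version", matching the advisory's "before" wording, and that exposure additionally requires the SAML POST binding to be enabled.

```python
from typing import Optional, Tuple

# Affected release lines from the advisory: (first affected, fixed version).
# A version v is in the affected range when first_affected <= v < fixed
# (this is the assumed reading of "through X before Y").
AFFECTED_RANGES = [
    ("4.4.2", "4.14.9"),
    ("5.0.0", "5.11.5"),
    ("6.0.0", "6.20.0"),
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '6.19.0' (or '6.19') into (6, 19, 0) so versions compare numerically.

    Lexical comparison would wrongly rank '6.9.0' above '6.19.0'; padding to
    three components makes '6.19' and '6.19.0' compare equal.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def fixed_version_for(installed: str) -> Optional[str]:
    """Return the fixed version the installed build should move to, or None
    if the installed version lies outside every affected range."""
    v = parse_version(installed)
    for first_affected, fixed in AFFECTED_RANGES:
        if parse_version(first_affected) <= v < parse_version(fixed):
            return fixed
    return None


def is_exposed(installed: str, saml_post_binding_enabled: bool) -> bool:
    """True when the build is in an affected range AND the SAML POST binding
    is enabled; the advisory states the XSS is reachable only in that case.
    A vulnerable build with the binding disabled still warrants the upgrade."""
    return fixed_version_for(installed) is not None and saml_post_binding_enabled


if __name__ == "__main__":
    # Constructed sample inventory: (product, app version, POST binding on?)
    inventory = [("Jira DC", "6.19.0", True), ("Confluence DC", "5.11.4", False)]
    for product, version, binding in inventory:
        print(product, version, "exposed" if is_exposed(version, binding) else "not exposed",
              "-> upgrade to", fixed_version_for(version))
```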

Security risk: CVSS rating

Base score: 6.1
Risk level: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Detail articles

– CVSS scores for CVE-2023-52240: https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-single-sign-on-for-fecru?hosting=server&tab=overview
– CWE ids for CVE-2023-52240: https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-single-sign-on-for-confluence?hosting=datacenter&tab=overview
– References for CVE-2023-52240: https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bitbucket?hosting=datacenter&tab=overview
– Products affected by CVE-2023-52240: https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bamboo?hosting=datacenter&tab=overview
