CVE-2015-5217
Published: Nov 17, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6
x_refsource_CONFIRM
https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1255172
x_refsource_CONFIRM
[oss-security] 20151027 Multiple CVE info for Ipsilon
mailing-list
x_refsource_MLIST