CVE-2023-52240

{"id": "CVE-2023-52240", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-12-29T22:15:37.070", "references": [{"url": "https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+Vulnerability+HTML+injection+Cross-site+scripting+in+SAML+POST+binding+Kantega+SSO+Enterprise", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-single-sign-on-for-jira?hosting=datacenter&tab=versions", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-single-sign-on-for-confluence?hosting=datacenter&tab=overview", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bitbucket?hosting=datacenter&tab=overview", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bamboo?hosting=datacenter&tab=overview", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-single-sign-on-for-fecru?hosting=server&tab=overview", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+Vulnerability+HTML+injection+Cross-site+scripting+in+SAML+POST+binding+Kantega+SSO+Enterprise", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-single-sign-on-for-jira?hosting=datacenter&tab=versions", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-single-sign-on-for-confluence?hosting=datacenter&tab=overview", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bitbucket?hosting=datacenter&tab=overview", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-single-sign-on-for-bamboo?hosting=datacenter&tab=overview", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-single-sign-on-for-fecru?hosting=server&tab=overview", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)"}, {"lang": "es", "value": "Las aplicaciones de inicio de sesi\u00f3n \u00fanico Kantega SAML SSO OIDC Kerberos anteriores a 6.20.0 para productos Atlassian permiten XSS si el enlace SAML POST est\u00e1 habilitado. Esto afecta a 4.4.2 a 4.14.8 antes de 4.14.9, 5.0.0 a 5.11.4 antes de 5.11.5 y 6.0.0 a 6.19.0 antes de 6.20.0. Los nombres completos de los productos son Kantega SAML SSO OIDC Kerberos Single Sign-on para Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on para Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO Single Sign-on OIDC Kerberos para Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on para Bamboo Data Center & Server (Kantega SSO Enterprise) y Kantega SAML SSO OIDC Kerberos Single Sign-on para Servidor FeCru (Kantega SSO Enterprise). (Aqu\u00ed, FeCru se refiere a los productos Atlassian Fisheye y Crucible que funcionan juntos)."}], "lastModified": "2024-11-21T08:39:28.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bamboo:*:*", "vulnerable": true, "matchCriteriaId": "E25CE452-6A9D-43CD-B2C0-9F05CF1435ED", "versionEndExcluding": "4.14.9", "versionStartIncluding": "4.4.2"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bitbucket:*:*", "vulnerable": true, "matchCriteriaId": "18085385-2727-4A8B-AF51-A3AA95E5C621", "versionEndExcluding": "4.14.9", "versionStartIncluding": "4.4.2"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "26A03B32-B6EE-4B44-B2AB-A19330AB6314", "versionEndExcluding": "4.14.9", "versionStartIncluding": "4.4.2"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:fecru:*:*", "vulnerable": true, "matchCriteriaId": "3BCC69B7-03CF-4BD8-BB05-3A94A9A5D67F", "versionEndExcluding": "4.14.9", "versionStartIncluding": "4.4.2"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:jira:*:*", "vulnerable": true, "matchCriteriaId": "29942ED3-4BBE-48EC-8C56-5B83D4B3BCAB", "versionEndExcluding": "4.14.9", "versionStartIncluding": "4.4.2"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bamboo:*:*", "vulnerable": true, "matchCriteriaId": "17705BE4-8F5F-4599-B5BC-B39371431C0E", "versionEndExcluding": "5.11.5", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bitbucket:*:*", "vulnerable": true, "matchCriteriaId": "373A48CC-0592-4629-821A-21CEF001D749", "versionEndExcluding": "5.11.5", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "695DD0D2-9E61-4BEE-B2C5-D8DF581AC1E4", "versionEndExcluding": "5.11.5", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:jira:*:*", "vulnerable": true, "matchCriteriaId": "15376799-816D-4B38-8A98-5C59720BDF7A", "versionEndExcluding": "5.11.5", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bamboo:*:*", "vulnerable": true, "matchCriteriaId": "B0E70B97-26D0-4D58-AC51-782EF31E5C93", "versionEndExcluding": "6.20.0", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:bitbucket:*:*", "vulnerable": true, "matchCriteriaId": "2FB079FA-EF11-4DAE-8C67-CDFC2EE681B2", "versionEndExcluding": "6.20.0", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "A2BC8F24-D8C2-48BD-A269-A4E3587B1381", "versionEndExcluding": "6.20.0", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:kantega-sso:kantega_saml_sso_oidc_kerberos_single_sign-on:*:*:*:*:*:jira:*:*", "vulnerable": true, "matchCriteriaId": "4602AD1E-9DB9-4607-8281-97AABDC0A948", "versionEndExcluding": "6.20.0", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}