
CVE-2025-31335
https://notcve.org/view.php?id=CVE-2025-31335
28 Mar 2025 — The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures). • https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2023-36661 – Ubuntu Security Notice USN-6274-1
https://notcve.org/view.php?id=CVE-2023-36661
25 Jun 2023 — Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.) Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery. • https://packetstorm.news/files/id/177229 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2023-22947
https://notcve.org/view.php?id=CVE-2023-22947
11 Jan 2023 — Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake." • https://shibboleth.atlassian.net/browse/SSPCPP-961 • CWE-427: Uncontrolled Search Path Element •

CVE-2022-24129
https://notcve.org/view.php?id=CVE-2022-24129
04 Feb 2022 — The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. • http://shibboleth.net/community/advisories • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2021-31826 – Debian Security Advisory 4905-1
https://notcve.org/view.php?id=CVE-2021-31826
27 Apr 2021 — Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied. • https://bugs.debian.org/987608 • CWE-476: NULL Pointer Dereference •

CVE-2021-28963 – Ubuntu Security Notice USN-4925-1
https://notcve.org/view.php?id=CVE-2021-28963
22 Mar 2021 — Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service Provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to ... • https://bugs.debian.org/985405 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2020-27978
https://notcve.org/view.php?id=CVE-2020-27978
28 Oct 2020 — Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. • https://shibboleth.net/community/advisories/secadv_20191002.txt • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2019-19191
https://notcve.org/view.php?id=CVE-2019-19191
21 Nov 2019 — Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00017.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2010-2450
https://notcve.org/view.php?id=CVE-2010-2450
07 Nov 2019 — The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-916: Use of Password Hash With Insufficient Computational Effort •

CVE-2014-3603
https://notcve.org/view.php?id=CVE-2014-3603
04 Apr 2019 — The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://secunia.com/advisories/60816 • CWE-297: Improper Validation of Certificate with Host Mismatch •