CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-22947
https://notcve.org/view.php?id=CVE-2023-22947
11 Jan 2023 — Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake." Los permisos de carpeta inse... • https://shibboleth.atlassian.net/browse/SSPCPP-961 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2021-31826 – Debian Security Advisory 4905-1
https://notcve.org/view.php?id=CVE-2021-31826
27 Apr 2021 — Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied. Shibboleth Service Provider versiones 3.x anteriores a 3.2.2, es propenso a un fallo de desreferencia del puntero NULL que involucra la funcionalidad session recovery. El fallo es explotable (para un bloqueo del demonio) en sistemas que no usan esta funcionalidad si... • https://bugs.debian.org/987608 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28963 – Ubuntu Security Notice USN-4925-1
https://notcve.org/view.php?id=CVE-2021-28963
22 Mar 2021 — Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. Shibboleth Service Provider versiones anteriores a 3.2.1, permite una inyección de contenido porque la generación de plantillas usa parámetros controlados por atacantes Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to ... • https://bugs.debian.org/985405 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19191
https://notcve.org/view.php?id=CVE-2019-19191
21 Nov 2019 — Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. Shibboleth Service Provider (SP) versiones 3.x anteriores a 3.1.0, envió un archivo de especificaciones que llama a chown sobre archivos en un directorio controlado por el usuario del servicio (la cuenta shibd) después de la instalación. ... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00017.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-2450
https://notcve.org/view.php?id=CVE-2010-2450
07 Nov 2019 — The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. El script keygen.sh en Shibboleth SP 2.0 (ubicado en /usr/local/etc/shibboleth por defecto) utiliza OpenSSL para crear una clave privada DES que es colocada en el archivo sp-key.pm. Se basa en la umask ... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-16852
https://notcve.org/view.php?id=CVE-2017-16852
16 Nov 2017 — shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763. shibsp/metadata/DynamicMetadataProvider.cpp en el plugin Dynamic MetadataProvider en Shibboleth Service Provider, en versiones anteriores a la 2.6.1,... • https://bugs.debian.org/881857 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2015-2684 – Debian Security Advisory 3207-1
https://notcve.org/view.php?id=CVE-2015-2684
30 Mar 2015 — Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. Shibboleth Service Provider (SP) anterior a 2.5.4 permite a usuarios remotos autenticados causar una denegación de servicio (caída) a través de un mensaje SAML manipulado. A denial of service vulnerability was found in the Shibboleth (an federated identity framework) Service Provider. When processing certain malformed SAML message generated by an authenticated atta... • http://www.debian.org/security/2015/dsa-3207 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2009-3300
https://notcve.org/view.php?id=CVE-2009-3300
06 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Identity Provider (IdP) v1.3.x anteriores a... • http://secunia.com/advisories/37237 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •