CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-22947
https://notcve.org/view.php?id=CVE-2023-22947
11 Jan 2023 — Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake." Los permisos de carpeta inse... • https://shibboleth.atlassian.net/browse/SSPCPP-961 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2021-31826 – Debian Security Advisory 4905-1
https://notcve.org/view.php?id=CVE-2021-31826
27 Apr 2021 — Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied. Shibboleth Service Provider versiones 3.x anteriores a 3.2.2, es propenso a un fallo de desreferencia del puntero NULL que involucra la funcionalidad session recovery. El fallo es explotable (para un bloqueo del demonio) en sistemas que no usan esta funcionalidad si... • https://bugs.debian.org/987608 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28963 – Ubuntu Security Notice USN-4925-1
https://notcve.org/view.php?id=CVE-2021-28963
22 Mar 2021 — Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. Shibboleth Service Provider versiones anteriores a 3.2.1, permite una inyección de contenido porque la generación de plantillas usa parámetros controlados por atacantes Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to ... • https://bugs.debian.org/985405 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19191
https://notcve.org/view.php?id=CVE-2019-19191
21 Nov 2019 — Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. Shibboleth Service Provider (SP) versiones 3.x anteriores a 3.1.0, envió un archivo de especificaciones que llama a chown sobre archivos en un directorio controlado por el usuario del servicio (la cuenta shibd) después de la instalación. ... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00017.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •