Communication by Vendor
On Kantega released a new version of Kantega SSO Enterprise to fix security vulnerabilities in their app related to faulty URL parameter sanitization that allows HTML injection into the SAML login page. We urge our customers to update to the latest available version of Kantega SSO Enterprise.
| Property | Value |
|---|---|
| Summary | Faulty sanitization allows remote attackers to inject arbitrary web script or HTML via URL parameters on the SAML POST binding login servlet in Kantega SSO Enterprise. |
| Affected apps | Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira |
| Affected versions | All versions between 4.4.2 - 4.14.8, 5.0.0 - 5.11.4 and 6.0.0 - 6.19.0 |
| Affected product feature | Identity Providers > SAML > Advanced SAML Settings > POST binding |
| Patched versions | Starting from 6.20.0. Backport patches: 5.11.5, 4.14.9 |
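The flaw class in the summary above is request values being copied into the auto-submitting SAML POST binding page without escaping for the HTML attribute context. The following added example (not Kantega's code; the parameter names are the standard SAML 2.0 HTTP-POST binding fields, and the probe value is constructed) shows a vulnerable rendering next to a hardened one and a parser-based check that tells them apart:

```python
import html
from html.parser import HTMLParser

# Standard SAML 2.0 HTTP-POST binding form parameters; nothing else from the request is echoed.
ALLOWED_PARAMS = ("SAMLRequest", "SAMLResponse", "RelayState")

def render_post_binding_form_insecure(action_url, params):
    """'Before' shape (constructed for illustration): request values copied into HTML unescaped."""
    inputs = "".join(f'<input type="hidden" name="{k}" value="{v}"/>' for k, v in params.items())
    return f'<form method="post" action="{action_url}">{inputs}</form>'

def render_post_binding_form(action_url, params):
    """Hardened rendering: drop unexpected parameters and escape every echoed value for an attribute."""
    inputs = "".join(
        f'<input type="hidden" name="{html.escape(k, quote=True)}" value="{html.escape(v, quote=True)}"/>'
        for k, v in params.items() if k in ALLOWED_PARAMS
    )
    return f'<form method="post" action="{html.escape(action_url, quote=True)}">{inputs}</form>'

class _FormInspector(HTMLParser):
    """Collects the tag names and hidden-input values a browser would actually see."""
    def __init__(self):
        super().__init__()
        self.tags, self.hidden = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden":
            self.hidden[a.get("name")] = a.get("value")

def inspect(rendered_html):
    """Return (tag names in document order, hidden field values after HTML decoding)."""
    p = _FormInspector()
    p.feed(rendered_html)
    return p.tags, p.hidden

# Constructed probe value: closes the attribute and opens a new element if echoed raw.
PROBE = '"><b>injected</b><input value="'
```

In the hardened output the probe survives only as data (the decoded hidden value equals the input) and the tag list stays at exactly `form` and `input`, which is the property a regression test for this fix should assert.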
Recommendation by bitvoodoo
- If you use this app for Jira / Confluence / Bitbucket / Bamboo, update to version 6.20.0 or later
Support
If you need any assistance, please contact bitvoodoo support via support.bitvoodoo.ch.
...