Recommendation by bitvoodoo
- If you use this app for Jira / Confluence / Bitbucket / Bamboo, update to version 6.20.0 or later. If you are still on the 5.x or 4.x line and cannot move to 6.x, install the backport patch release 5.11.5 or 4.14.9 respectively.
Support
If you need any assistance please contact the bitvoodoo support via support.bitvoodoo.ch.
Kantega has released a new version of Kantega SSO Enterprise that fixes a security vulnerability in the app: faulty sanitization of URL parameters allows HTML injection into the SAML login page. We urge our customers to update to the latest available version of Kantega SSO Enterprise.
| Summary | Faulty sanitization allows remote attackers to inject arbitrary web script or HTML via URL parameters on the SAML POST binding login servlet in Kantega SSO Enterprise. |
|---|---|
| Affected apps | Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira |
| Affected versions | 4.4.2 through 4.14.8, 5.0.0 through 5.11.4 and 6.0.0 through 6.19.0 (inclusive) |
| Affected product feature | Identity Providers > SAML > Advanced SAML Settings > POST binding |
| Patched versions | 6.20.0 and later. Backport patches: 5.11.5 (5.x line), 4.14.9 (4.x line) |
| Date | |

| Product | Kantega SSO Enterprise |
|---|---|
| Severity | Critical |
| Marketplace link | |
| Base product | Jira / Confluence / Bitbucket / Bamboo |
| Vendor | Kantega |
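To make the defect class concrete, below is an added Python illustration (not Kantega's code and not taken from the advisory) of a SAML POST-binding auto-submit page that writes a URL parameter into the HTML unescaped, next to the escaped form and a RelayState validation check. Using RelayState as the reflected parameter, the template layout and the IdP URL are assumptions made for the example; the advisory does not say which parameter Kantega's servlet mishandled.

```python
"""HTML injection via a reflected URL parameter in a SAML POST-binding page,
shown vulnerable and fixed. Added illustration; not Kantega's code, and the
parameter and template used here are assumptions, not the advisory's."""
import base64
import html
import re

# Constructed sample AuthnRequest, base64-encoded as the POST binding carries
# it. Its content does not matter for the injection.
SAMPLE_AUTHN_REQUEST = base64.b64encode(
    b'<samlp:AuthnRequest ID="_c1" Version="2.0"/>').decode()

# Constructed attacker-controlled value taken from the request URL. It closes
# the value attribute and the input tag, then injects a script element.
MALICIOUS_RELAY_STATE = '"><script>alert(document.domain)</script>'

# SAML 2.0 Bindings 3.1.1: RelayState MUST NOT exceed 80 bytes.
MAX_RELAY_STATE_BYTES = 80
# Conservative allow-list for RelayState content (an assumption of this
# example; the spec only limits the length).
RELAY_STATE_RE = re.compile(r"[A-Za-z0-9._~:/?#@!$&*+,;=%-]*")


def render_post_page_vulnerable(idp_url, saml_request, relay_state):
    """Auto-submit form built by plain string interpolation, no escaping.
    This is the defect class the advisory describes: whatever arrives in the
    URL parameter is written into the HTML unchanged."""
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="POST" action="{idp_url}">'
        f'<input type="hidden" name="SAMLRequest" value="{saml_request}">'
        f'<input type="hidden" name="RelayState" value="{relay_state}">'
        '</form></body></html>'
    )


def _attr(value):
    """HTML-attribute-escape a value; quote=True also encodes " and '."""
    return html.escape(value, quote=True)


def render_post_page_fixed(idp_url, saml_request, relay_state):
    """Same page, but every value placed in an attribute is escaped, so a
    double quote or angle bracket can no longer break out of the attribute.
    idp_url should come from configuration, never from the request."""
    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="POST" action="{_attr(idp_url)}">'
        f'<input type="hidden" name="SAMLRequest" value="{_attr(saml_request)}">'
        f'<input type="hidden" name="RelayState" value="{_attr(relay_state)}">'
        '</form></body></html>'
    )


def relay_state_is_valid(relay_state):
    """Defence in depth in front of the renderer: enforce the 80-byte limit
    and the allow-list, rejecting values like MALICIOUS_RELAY_STATE before
    they reach any template."""
    if len(relay_state.encode("utf-8")) > MAX_RELAY_STATE_BYTES:
        return False
    return RELAY_STATE_RE.fullmatch(relay_state) is not None


def contains_injected_tag(page_html):
    """Regression check: a correctly escaped page never contains a literal
    <script element; the escaped form appears as &lt;script&gt; instead."""
    return re.search(r"<script\b", page_html, re.IGNORECASE) is not None


if __name__ == "__main__":
    idp = "https://idp.example.test/sso"  # placeholder IdP endpoint
    bad = render_post_page_vulnerable(idp, SAMPLE_AUTHN_REQUEST, MALICIOUS_RELAY_STATE)
    good = render_post_page_fixed(idp, SAMPLE_AUTHN_REQUEST, MALICIOUS_RELAY_STATE)
    print("vulnerable page contains <script>:", contains_injected_tag(bad))   # True
    print("fixed page contains <script>:", contains_injected_tag(good))       # False
    print("RelayState passes validation:", relay_state_is_valid(MALICIOUS_RELAY_STATE))  # False
```

Run it directly to see the vulnerable page carry a live `<script>` element while the fixed page carries only `&lt;script&gt;`. For operators the fix is still the update; the example only shows what "faulty sanitization" means for an auto-submit login page and what to look for when reviewing a reflected-parameter finding in any such servlet.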