Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shibboleth vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key ...
Shibboleth Service Provider 2.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-0486
Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks ...
Shibboleth Xmltooling-c
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-0489
Shibboleth XMLTooling-C prior to 1.6.4, as used in Shibboleth Service Provider prior to 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote malicious users to obtain sensitive information or conduct impersonation attacks via craf...
Shibboleth Xmltooling-c
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Arubanetworks Clearpass
NA
CVE-2009-3300
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x prior to 1.3.4 and 2.x prior to 2.1.5, and the Service Provider 1.3.x prior to 1.3.5 and 2.x prior to 2.3, in Internet2 Middleware Initiative Shibboleth allow remote malicious users to inject...
Internet2 Identity Provider 2.1.2
Internet2 Identity Provider 2.1.3
Internet2 Service Provider 2.2
Internet2 Service Provider 2.1
Internet2 Identity Provider 1.3.1
Internet2 Identity Provider 1.3
Internet2 Service Provider 1.3.1
Internet2 Service Provider 1.3.2
Internet2 Identity Provider 1.3.3
Internet2 Identity Provider 1.3.2
Internet2 Identity Provider 2.1.4
Internet2 Service Provider 1.3
Internet2 Identity Provider 2.1.0
Internet2 Identity Provider 2.1.1
Internet2 Service Provider 1.3.3
Internet2 Service Provider 2.0
NA
CVE-2015-0851
XMLTooling-C prior to 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote malicious users to cause a denial of service (crash) via schema-invalid XML data.
Xmltooling Project Xmltooling
9.8
CVSSv3
CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
Moodle Moodle
2 Github repositories
1 Article
NA
CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, and 2.5.x prior to 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin inte...
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.6
Moodle Moodle 2.4.8
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle 2.3.2
Moodle Moodle 2.3.9
Moodle Moodle
Moodle Moodle 2.3.3
6.1
CVSSv3
CVE-2017-18262
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
Blackboard Blackboard Learn 9.1
Blackboard Blackboard Learn
4.3
CVSSv3
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin.
Moodle Moodle
7.2
CVSSv3
CVE-2021-20187
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Moodle Moodle
Moodle Moodle 3.10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »