providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 prior to 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.
Vulnerable Product |
---|
ipsilon project ipsilon 0.3.0 |
ipsilon project ipsilon 0.1.0 |
ipsilon project ipsilon 0.4.0 |
ipsilon project ipsilon 0.5.0 |
ipsilon project ipsilon 0.6.0 |
ipsilon project ipsilon 1.0.0 |