Описание
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 3.2.4-2.1build3 |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | released | 1.5.6-2ubuntu0.3+esm1 |
| esm-infra-legacy/trusty | needed | |
| focal | ignored | end of standard support, was needed |
| jammy | needed |
Показывать по
EPSS
7.5 High
CVSS3
Связанные уязвимости
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...
EPSS
7.5 High
CVSS3