Vulnerability Description
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.
CVSS Score
4.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipsilon Project | Ipsilon | 0.1.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/10/27/8
- https://bugzilla.redhat.com/show_bug.cgi?id=1255172
- https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1
- https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6
FAQ
What is CVE-2015-5217?
CVE-2015-5217 is a vulnerability with a CVSS score of 4.0 (MEDIUM). providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote au...
How severe is CVE-2015-5217?
CVE-2015-5217 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5217?
Check the references section above for vendor advisories and patch information. Affected products include: Ipsilon Project Ipsilon.