Vulnerability Description
The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kantega-Sso | Kantega Saml Sso Oidc Kerberos Single Sign-On | >= 4.4.2, < 4.14.9 |
Related Weaknesses (CWE)
References
- https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+VulnVendor Advisory
- https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-siProduct
- https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1226473473/Security+VulnVendor Advisory
- https://marketplace.atlassian.com/apps/1211923/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1212126/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1213019/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1215262/kantega-saml-sso-oidc-kerberos-siProduct
- https://marketplace.atlassian.com/apps/1215263/kantega-saml-sso-oidc-kerberos-siProduct
FAQ
What is CVE-2023-52240?
CVE-2023-52240 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5....
How severe is CVE-2023-52240?
CVE-2023-52240 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-52240?
Check the references section above for vendor advisories and patch information. Affected products include: Kantega-Sso Kantega Saml Sso Oidc Kerberos Single Sign-On.