Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
References
Link | Resource |
---|---|
https://bugs.debian.org/985405 | Mailing List Third Party Advisory |
https://git.shibboleth.net/view/?p=cpp-sp.git%3Ba=commit%3Bh=d1dbebfadc1bdb824fea63843c4c38fa69e54379 | |
https://issues.shibboleth.net/jira/browse/SSPCPP-922 | Issue Tracking Patch Vendor Advisory |
https://shibboleth.net/community/advisories/secadv_20210317.txt | Vendor Advisory |
https://www.debian.org/security/2021/dsa-4872 | Mailing List Third Party Advisory |
Configurations
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
26 Mar 2021, 14:13
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CWE | CWE-74 | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CWE | CWE-74 | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-74 | |
CWE | CWE-74 | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CWE | CWE-74 | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-74 | |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://issues.shibboleth.net/jira/browse/SSPCPP-922 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://bugs.debian.org/985405 - Mailing List, Third Party Advisory | |
References | (MISC) https://shibboleth.net/community/advisories/secadv_20210317.txt - Vendor Advisory | |
References | (MISC) https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379 - Patch, Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2021/dsa-4872 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:shibboleth:service_provider:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
22 Mar 2021, 11:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CWE | ||
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CWE | ||
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CWE | ||
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CWE | ||
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
22 Mar 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-22 08:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-28963
Mitre link : CVE-2021-28963
CVE.ORG link : CVE-2021-28963
JSON object : View
Products Affected
debian
- debian_linux
shibboleth
- service_provider
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')