CVE-2023-52240

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 29, 2023
Updated: Jan 8, 2024
CWE ID 79

Summary

CVE-2023-52240 is a vulnerability affecting Kantega SAML SSO OIDC Kerberos Single Sign-on apps before version 6.20.0 for Atlassian products like Jira, Confluence, Bitbucket, Bamboo, and FeCru Server. If SAML POST Binding is enabled, these apps are vulnerable to cross-site scripting (XSS) attacks. The affected versions range from 4.4.2 to 4.14.8 before 4.14.9, 5.0.0 to 5.11.4 before 5.11.5, and 6.0.0 to 6.19.0 before 6.20.0 respectively for each product mentioned above. The danger posed by this vulnerability is moderate with a base severity rating of MEDIUM and a base score of 6.1 according to the National Vulnerability Database (NVD). The exploit requires user interaction and can be performed over the network without any privileges being required. To remediate this vulnerability, affected organizations should update their Kantega SAML SSO OIDC Kerberos Single Sign-on apps to version 6.20.0 or higher for all Atlassian products mentioned earlier. (Source: nvd@nist.gov)

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-52240 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options