CVE-2023-52240

Summary

CVE-2023-52240 is a vulnerability affecting Kantega SAML SSO OIDC Kerberos Single Sign-on apps before version 6.20.0 for Atlassian products like Jira, Confluence, Bitbucket, Bamboo, and FeCru Server. If SAML POST Binding is enabled, these apps are vulnerable to cross-site scripting (XSS) attacks. The affected versions range from 4.4.2 to 4.14.8 before 4.14.9, 5.0.0 to 5.11.4 before 5.11.5, and 6.0.0 to 6.19.0 before 6.20.0 respectively for each product mentioned above. The danger posed by this vulnerability is moderate with a base severity rating of MEDIUM and a base score of 6.1 according to the National Vulnerability Database (NVD). The exploit requires user interaction and can be performed over the network without any privileges being required. To remediate this vulnerability, affected organizations should update their Kantega SAML SSO OIDC Kerberos Single Sign-on apps to version 6.20.0 or higher for all Atlassian products mentioned earlier. (Source: [email protected])

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.