Ipsilon denial of service by deleting a SAML2 Service Provider (SP)
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Nov 22, 2024
Package
Affected versions
>= 0.1.0, < 1.0.2
>= 1.1.0, < 1.1.1
Patched versions
1.0.2
1.2.0
Description
Published by the National Vulnerability Database
Nov 17, 2015
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Nov 22, 2024
Last updated
Nov 22, 2024
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).
References