Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAML Single Sign On 输入验证错误漏洞
Vulnerability Description
SAML Single Sign On是一款SAML(安全声明标记语言)单点登录解决方案。 SAML Single Sign On (SSO)中存在输入验证错误漏洞。攻击者可利用该漏洞激活被本地禁用的用户。以下产品及本版受到影响:SAML Single Sign On (SSO) 3.1.0版本至3.2.2版本(用于Bitbucket和Bamboo),3.1.0版本至3.2.2版本(用于Jira和Confluence)。
CVSS Information
N/A
Vulnerability Type
N/A