It was found that Ipsilon does not check whether a user is authorized to delete a service provider. This makes it possible for any authenticated user to delete any service provider, causing a denial of service.
The vulnerable code is at:
https://pagure.io/ipsilon/blob/master/f/ipsilon/providers/saml2/admin.py#_309
This has been fixed with 9dec97c.
Releases 1.0.2 and 1.1.1 have been released to resolve this.
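As an added illustration of the bug class described above (this is constructed example code, not Ipsilon's own; the `User`, `ServiceProvider` and `Registry` types and the "owner or admin" rule are assumptions made for the example), here is a delete handler that only knows the caller is authenticated, beside one that also checks whether the caller is authorized to delete that particular provider before doing anything destructive:

```python
"""Constructed model of a missing authorization check on a delete handler.

Hypothetical code, not Ipsilon's own. Any authenticated user can call
vulnerable_delete() on any provider; fixed_delete() first asks whether
this user may delete this provider (assumed rule: admin or owner).
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class ServiceProvider:
    name: str
    owner: str


class Forbidden(Exception):
    """Caller is authenticated but not authorized for this action."""


@dataclass
class Registry:
    providers: dict = field(default_factory=dict)


def vulnerable_delete(registry, user, sp_name):
    # Only authentication is checked: having a user object at all is
    # treated as sufficient, so any logged-in user can remove any provider.
    if user is None:
        raise PermissionError("not authenticated")
    del registry.providers[sp_name]
    return True


def can_delete(user, provider):
    # Assumed authorization rule for the example: admins may delete any
    # provider, everyone else only the providers they own.
    return user.is_admin or provider.owner == user.name


def fixed_delete(registry, user, sp_name):
    if user is None:
        raise PermissionError("not authenticated")
    provider = registry.providers.get(sp_name)
    if provider is None:
        raise KeyError(sp_name)
    # Authorization is decided on the specific object, before the
    # destructive step, and denial is a hard failure rather than a warning.
    if not can_delete(user, provider):
        raise Forbidden(f"{user.name} may not delete {sp_name}")
    del registry.providers[sp_name]
    return True


def make_registry():
    # Constructed sample data: two providers owned by two different users.
    reg = Registry()
    reg.providers["sp-alice"] = ServiceProvider("sp-alice", owner="alice")
    reg.providers["sp-bob"] = ServiceProvider("sp-bob", owner="bob")
    return reg


def demo():
    """Run both handlers as an unprivileged third user and report outcomes."""
    results = {}
    mallory = User("mallory")  # authenticated, owns nothing, not an admin

    reg = make_registry()
    results["vulnerable_deleted"] = vulnerable_delete(reg, mallory, "sp-alice")
    results["vulnerable_remaining"] = sorted(reg.providers)

    reg = make_registry()
    try:
        fixed_delete(reg, mallory, "sp-alice")
        results["fixed_denied"] = False
    except Forbidden:
        results["fixed_denied"] = True
    results["fixed_remaining"] = sorted(reg.providers)

    # Legitimate callers still succeed: the owner, and an admin.
    results["owner_ok"] = fixed_delete(reg, User("alice"), "sp-alice")
    results["admin_ok"] = fixed_delete(reg, User("root", is_admin=True), "sp-bob")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to carry over to real handlers is the ordering in `fixed_delete`: look the object up, decide authorization against that object and the current user, and only then perform the delete. A check that runs after the delete, or that only confirms the session is logged in, leaves exactly the denial-of-service path the ticket describes.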
keywords: => security
milestone: => 1.2
resolution: => fixed
status: new => closed
Fields changed
type: defect => Security
Metadata Update from @puiterwijk:
- Issue assigned to puiterwijk
- Issue set to the milestone: 1.2
- Issue tagged with: security