CVE-2019-13347
published 2019-12-13CVE-2019-13347: An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence…
PriorityP341high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
EPSS
1.06%
60.3th percentile
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | saml_single_sign_on | 2.4.0 – 3.0.3 | — |
| atlassian | saml_single_sign_on | 3.1.0 – 3.2.2 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-13347 mercurial: Buffer underflow in mpatch.c:mpatch_apply()
bugzilla·2018-06-22·CVSS 7.5
CVE-2018-13347 [HIGH] CVE-2018-13347 mercurial: Buffer underflow in mpatch.c:mpatch_apply()
CVE-2018-13347 mercurial: Buffer underflow in mpatch.c:mpatch_apply()
Mercurial before version 4.6.1 is vulnerable to a buffer underflow in mpatch.c:mpatch_apply().
Upstream Changelog:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
Upstream Patch:
https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
Discussion:
Created mercurial tracking bugs for this issue:
Affects: fedora-all [bug 1594088]
---
This is related to CVE-2018-13346: this issue is writing before the output buffer, where the other reads past the end of input. In mercurial 2.6.2, it is present in the apply() function.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2276 https://access.redhat.com/errata/RHSA-2019:2276
---
This b
Bugzilla
CVE-2018-13346 mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply()
bugzilla·2018-06-22·CVSS 7.5
CVE-2018-13346 [HIGH] CVE-2018-13346 mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply()
CVE-2018-13346 mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply()
Mercurial before version 4.6.1 has a missing check for fragment start position in mpatch.c:mpatch_apply()
Upstream Changelog:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
Upstream Patch:
https://www.mercurial-scm.org/repo/hg/rev/faa924469635
Discussion:
This is related to CVE-2018-13347: this issue is reading past the end of input where the other writes before the output buffer. In mercurial 2.6.2, it is present in the apply() function.
---
Created mercurial tracking bugs for this issue:
Affects: fedora-all [bug 1594088]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2276 https://access.redhat.co
https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-sso-confluence?hosting=server&tab=overviewhttps://wiki.resolution.de/doc/saml-sso/latest/all/security-advisories/2019-07-11-users-are-always-re-enabled-during-login-when-updatedhttps://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-sso-confluence?hosting=server&tab=overviewhttps://wiki.resolution.de/doc/saml-sso/latest/all/security-advisories/2019-07-11-users-are-always-re-enabled-during-login-when-updated
2019-12-13
Published