Atlassian SAML Single Sign On vulnerabilities
2 known vulnerabilities affecting atlassian/saml_single_sign_on.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2021-37843 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 2.5.9 | fixed in 3.5.6 | +5 more | 2021-08-02
The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for Bitbucket 2.5.9, 3.6.6, 4.0.12, 5.0.5; for Bamboo 2.5.9, 3.6.6, 4.0.12,
Source: NVD
CVE-2019-13347 | P3 | HIGH | CVSS 7.5 | ≥ 2.4.0, ≤ 3.0.3 | ≥ 3.1.0, ≤ 3.2.2 | 2019-12-13
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbu
Source: NVD