VYPR

Himmelblau

by Himmelblau Idm

CVEs (10)

  • CVE-2026-45108 | High | May 27, 2026
    risk 0.48 | cvss 8.4 | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to…

  • CVE-2026-34397 | Medium | Apr 1, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated…

  • CVE-2025-49012 | Medium | Jun 5, 2025
    risk 0.28 | cvss 5.4 | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead…

  • CVE-2025-53013 | Medium | Jun 26, 2025
    risk 0.27 | cvss 5.2 | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the…

  • CVE-2025-59044 | Medium | Sep 9, 2025
    risk 0.22 | cvss 4.4 | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows…

  • CVE-2025-24034 | Low | Jan 23, 2025
    risk 0.14 | cvss 3.2 | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently…

  • CVE-2025-54781 | Low | Aug 2, 2025
    risk 0.11 | cvss 2.8 | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the…

  • CVE-2026-31979 | Mar 11, 2026
    risk 0.00 | cvss - | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_ without symlink protections. Since commit 87a51ee, PrivateTmp is…

  • CVE-2026-31957 | Mar 11, 2026
    risk 0.00 | cvss - | epss 0.01

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication…

  • CVE-2025-54882 | Aug 7, 2025
    risk 0.00 | cvss - | epss 0.00

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and…