VYPR
Vendor: Shibboleth Project

Products: 1
CVEs: 4
Across products: 4
Status: Private

Recent CVEs (4)
  • CVE-2017-14313 | Med | Sep 12, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().

  • CVE-2022-24129 | Feb 4, 2022
    risk 0.02 | cvss | epss 0.06

    The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.

  • CVE-2011-2516 | Jul 11, 2011
    risk 0.01 | cvss | epss 0.08

    Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer…

  • CVE-2010-2450 | Nov 7, 2019
    risk 0.00 | cvss | epss 0.01

    The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key…