Ipsilon denial of service via a duplicate SP name
Moderate severity, GitHub Reviewed
Published May 17, 2022 to the GitHub Advisory Database • Updated Nov 22, 2024
Published by the National Vulnerability Database: Nov 17, 2015
Published to the GitHub Advisory Database: May 17, 2022
Reviewed: Nov 22, 2024
Last updated: Nov 22, 2024
Description
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.
References