CVE-2015-5301
EPSS 0.66%Ipsilon denial of service by deleting a SAML2 Service Provider (SP)
Published: 5/17/2022Modified: 11/22/2024
Also known as:GHSA-9qp4-79q8-58pr
Description
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).
Affected packages (1)
- PyPI/ipsilon>= 0.1.0, < 1.0.2
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5301
- PATCHhttps://github.com/ipsilon-project/ipsilon
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1271530
- WEBhttps://fedorahosted.org/ipsilon/wiki/Releases/v1.0.2
- WEBhttps://fedorahosted.org/ipsilon/wiki/Releases/v1.1.1
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/ipsilon/PYSEC-2015-42.yaml
- WEBhttps://pagure.io/ipsilon/9dec97c3c83928d231ea10f4160523a13803e594
- WEBhttp://www.openwall.com/lists/oss-security/2015/10/27/8