Explore top 10 tips to secure your open-source projects now. Read More
×
Multiple vulnerabilities were discovered in Keystone, the OpenStack identity service, which may result in authorisation bypass, privilege escalation, user impersonation or incomplete termination of access privileges. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6331-1
Grzegorz Grasza discovered a vulnerability in the Openstack middleware to provide authentication and authorization features to web services other than Keystone: If an external OAuth provider is configured, authentication headers are insufficiently sanitised, which could result in privilege escalation or user impersonation.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6104-1
Several vulnerabilities were discovered in Mailman, a web-based mailing list manager. An attacker could impersonate more privileged accounts through different vectors. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3049-1
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting (XSS) attacks or impersonate other users. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4985-1
Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4943-1
One security issue has been discovered in sogo. SOGo does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2707-1
It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4926-1
Andrew Bartlett discovered that awl, DAViCal Andrew's Web Libraries, did not properly handle session management: this would allow a malicious user to impersonate other sessions or users. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4660-1
Get the latest Linux and open source security news straight to your inbox.