Vulnerability Details : CVE-2015-5301
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).
Vulnerability category: Denial of service
Products affected by CVE-2015-5301
- cpe:2.3:a:ipsilon_project:ipsilon:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipsilon_project:ipsilon:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipsilon_project:ipsilon:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipsilon_project:ipsilon:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipsilon_project:ipsilon:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipsilon_project:ipsilon:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ipsilon_project:ipsilon:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ipsilon_project:ipsilon:0.3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5301
- 0.60%: Probability of exploitation activity in the next 30 days
- ~76%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5301
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P | 8.0 | 4.9 | NIST | |
CWE ids for CVE-2015-5301
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5301
- https://fedorahosted.org/ipsilon/wiki/Releases/v1.1.1
  Overview - ipsilon - Pagure.io
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171076.html
  [SECURITY] Fedora 21 Update: ipsilon-1.1.1-2.fc21
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171052.html
  [SECURITY] Fedora 23 Update: ipsilon-1.1.1-2.fc23
- https://bugzilla.redhat.com/show_bug.cgi?id=1271530
  1271530 – (CVE-2015-5301) CVE-2015-5301 ipsilon: missing user authorization check when deleting a service provider
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171067.html
  [SECURITY] Fedora 22 Update: ipsilon-1.1.1-2.fc22
- https://pagure.io/ipsilon/9dec97c3c83928d231ea10f4160523a13803e594
  Commit - ipsilon - 9dec97c3c83928d231ea10f4160523a13803e594 - Pagure.io
- http://www.openwall.com/lists/oss-security/2015/10/27/8
  oss-security - Multiple CVE info for Ipsilon
- https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.2
  Overview - ipsilon - Pagure.io