Strix
26.1K

CVE-2024-1524

HIGHCVSS 8.1/10EPSS 0.26%

Last modified

CVE-2024-1524 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. EPSS estimates a 0.26% chance of exploitation in the next 30 days.

Description

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control. The Deployment should have: -An IDP configured for federated authentication with Silent JIT provisioning enabled. The malicious actor should have: -A fresh valid user account in the federated IDP that has not been used earlier. -Knowledge of the username of a valid user in the local IDP. -An account at the federated IDP matching the targeted local username.

Metrics

CVSS 3.1
8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.26%

17.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Wso2Api Manager>= 4.2.0, < 4.2.0.108
Wso2Identity Server>= 6.0.0, < 6.0.0.171
Wso2Identity Server>= 6.1.0, < 6.1.0.128

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-1524?
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control. The Deployment should have: -An IDP configured for federated authentication with Silent JIT provisioning enabled. The malicious actor should have: -A fresh valid user account in the federated IDP that has not been used earlier. -Knowledge of the username of a valid user in the local IDP. -An account at the federated IDP matching the targeted local username.
How severe is CVE-2024-1524?
CVE-2024-1524 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.26% probability of exploitation in the next 30 days.
How do I fix CVE-2024-1524?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-1524?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST