CVE-2017-2582

MEDIUM Year: 2017
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-201
View all →

Vulnerability Description

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.

Related Vulnerabilities

CVE-2019-15580

MEDIUM
CVSS:6.5(Medium)

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head ...

CWE-2012019

CVE-2020-27748

MEDIUM
CVSS:6.5(Medium)

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbi...

CWE-2012020

CVE-2022-0018

MEDIUM
CVSS:6.5(Medium)

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when ...

CWE-2012022

CVE-2022-27671

MEDIUM
CVSS:6.5(Medium)

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

CWE-2012022

CVE-2023-28117

MEDIUM
CVSS:6.5(Medium)

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is ...

CWE-2012023

CVE-2023-4002

MEDIUM
CVSS:6.5(Medium)

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was ...

CWE-2012023