You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
OR
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bamboo:*:* versions up to (excluding) 2.5.9
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bitbucket:*:* versions up to (excluding) 2.5.9
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:fisheye:*:* versions up to (excluding) 2.5.9
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bamboo:*:* versions from (including) 3.0.0 up to (excluding) 3.6.6
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bitbucket:*:* versions from (including) 3.0.0 up to (excluding) 3.6.6
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:confluence:*:* versions up to (excluding) 3.5.6
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:confluence:*:* versions from (including) 3.6.0 up to (excluding) 3.6.6.1
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:jira:*:* versions up to (excluding) 3.6.6.1
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bamboo:*:* versions from (including) 4.0.0 up to (excluding) 4.0.12
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bitbucket:*:* versions from (including) 4.0.0 up to (excluding) 4.0.12
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:confluence:*:* versions from (including) 4.0.0 up to (excluding) 4.0.12
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:jira:*:* versions from (including) 4.0.0 up to (excluding) 4.0.12
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bamboo:*:* versions from (including) 5.0.0 up to (excluding) 5.0.5
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bitbucket:*:* versions from (including) 5.0.0 up to (excluding) 5.0.5
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:confluence:*:* versions from (including) 5.0.0 up to (excluding) 5.0.5
*cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:jira:*:* versions from (including) 5.0.0 up to (excluding) 5.0.5
Added
CVSS V2
NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added
CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added
CWE
NIST CWE-306
Changed
Reference Type
https://wiki.resolution.de/doc/saml-sso/5.0.x/all/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known No Types Assigned
https://wiki.resolution.de/doc/saml-sso/5.0.x/all/security-advisories/2021-07-29-authentication-bypass-network-attacker-can-login-to-users-accounts-when-usernames-are-known Third Party Advisory