Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning
High severity
GitHub Reviewed
Published
Dec 15, 2023
to the GitHub Advisory Database
•
Updated May 17, 2024
Description
Published by the National Vulnerability Database
Dec 15, 2023
Published to the GitHub Advisory Database
Dec 15, 2023
Reviewed
Jan 5, 2024
Last updated
May 17, 2024
Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met:
Attacker should have:
When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.
References