Back to bug 1392829
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-11-08 10:34:27 UTC | CC | security-response-team | |
| Adam Mariš | 2016-11-08 10:35:27 UTC | Blocks | 1392831 | |
| Adam Mariš | 2016-11-08 12:32:12 UTC | Whiteboard | impact=moderate,public=no,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=6.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected | impact=moderate,public=no,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected |
| Gabriel Rocha | 2016-11-09 22:07:46 UTC | CC | grocha | |
| Doran Moppert | 2016-11-11 04:31:25 UTC | Doc Text | A vulnerability was found in ipsilon, in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could cause see what service providers other users are logged in to, and terminate their sessions. | |
| Doran Moppert | 2016-11-11 04:31:41 UTC | Whiteboard | impact=moderate,public=no,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected | impact=moderate,public=no,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected |
| Doran Moppert | 2016-11-11 05:40:11 UTC | Whiteboard | impact=moderate,public=no,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected | impact=important,public=no,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected |
| Doran Moppert | 2016-11-11 05:40:15 UTC | Severity | medium | high |
| Doran Moppert | 2016-11-11 05:40:18 UTC | Priority | medium | high |
| Doran Moppert | 2016-11-11 05:48:37 UTC | Depends On | 1394116 | |
| Doran Moppert | 2016-11-11 05:48:46 UTC | Depends On | 1394117 | |
| Eric Christensen | 2016-11-11 19:41:48 UTC | Doc Text | A vulnerability was found in ipsilon, in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could cause see what service providers other users are logged in to, and terminate their sessions. | A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions. |
| Cedric Buissart | 2016-11-14 16:22:49 UTC | Whiteboard | impact=important,public=no,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected | impact=important,public=20161121,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected |
| Cedric Buissart | 2016-11-14 16:52:30 UTC | Whiteboard | impact=important,public=20161121,reported=20161104,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected | impact=important,public=20161121,reported=20161104,source=redhat,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected |
| Kaleem | 2016-11-16 13:34:23 UTC | Status | NEW | VERIFIED |
| | | CC | ksiddiqu | |
| Tomas Hoger | 2016-11-18 15:05:14 UTC | Status | VERIFIED | NEW |
| Cedric Buissart | 2016-11-21 10:04:40 UTC | Summary | EMBARGOED CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions | CVE-2016-8638 ipsilon: DoS via logging out all open SAML2 sessions |
| Cedric Buissart | 2016-11-21 10:04:43 UTC | Group | security, qe_staff | |
| Cedric Buissart | 2016-11-21 10:09:10 UTC | Depends On | 1396973 | |
| Cedric Buissart | 2016-11-21 13:36:27 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-11-21 08:36:27 UTC | |
| Cedric Buissart | 2016-11-21 15:54:00 UTC | CC | cbuissar | |
| Adam Mariš | 2016-11-22 08:11:17 UTC | Whiteboard | impact=important,public=20161121,reported=20161104,source=redhat,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-288,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected | impact=important,public=20161121,reported=20161104,source=redhat,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-592,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected |
| Pedro Sampaio | 2017-12-18 13:21:04 UTC | Blocks | 1526611 | |
| | | CC | psampaio | |
| Pedro Sampaio | 2017-12-19 13:32:36 UTC | Blocks | 1526611 | |
| Product Security DevOps Team | 2019-09-29 13:59:56 UTC | Whiteboard | impact=important,public=20161121,reported=20161104,source=redhat,cvss2=6.4/AV:N/AC:L/Au:N/C:P/I:N/A:P,cvss3=8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H,cwe=CWE-592,rhel-7/ipsilon=affected,fedora-all/ipsilon=affected | |