Security Advisory:

| # | Title | Date | Severity | Description |
|---|-------|------|----------|-------------|
| 1 | MidPoint user interface clickjacking | 21 Mar 2019 | Medium | MidPoint user interface vulnerable to clickjacking due to missing X-Frame-Options header. |
| 2 | Abuse of expressions in midPoint reports | 8 Apr 2019 | Medium | MidPoint expressions embedded in midPoint reports can be used to gain unauthorized access to the system. |
| 3 | XXE Vulnerabilities | 17 Apr 2019 | Medium | The way midPoint handles XML documents is vulnerable to attacks based on XML External Entities (XXE). |
| 4 | AD and LDAP connectors do not check certificate validity | 17 Apr 2019 | High | LDAP and Active Directory connectors are not properly checking TLS/SSL certificate validity. |
| 5 | Workitem identifier weakness | 18 Apr 2019 | Medium | Any approver can display any workitem by guessing its short identifier. |
| 6 | Plain text password in temporary files | 13 May 2019 | Low | Plaintext password is sometimes left stored in temporary files on a file system. |
| 7 | Plain text password in task objects in repository | 23 May 2019 | Low | Plaintext passwords are sometimes stored in task objects in the repository (database). |
| 8 | XSS Vulnerability In displayName | 14 Jun 2019 | Low | Cross-site scripting (XSS) vulnerability exists in some parts of midPoint user interface, namely in organization displayName. |
| 9 | SOAP Web Service Vulnerable To Brute Force Attack | 9 Jul 2019 | Medium | SOAP-based web service interface of midPoint does not limit authentication attempts. |