CVE-2015-5301 — Ipsilon denial of service by deleting a SAML2 Service Provider (SP)

Description

providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).

How to fix CVE-2015-5301

To remediate CVE-2015-5301, upgrade the affected package to a fixed version below.

PyPI/ipsilon—upgrade to 1.0.2 or later
PyPI/ipsilon—no fix listed

Is CVE-2015-5301 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

>= 0.1.0, < 1.0.2
from 0

References (12)

ADVISORYgithub.com/advisories/GHSA-9qp4-79q8-58pr
ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-5301
PATCHgithub.com/ipsilon-project/ipsilon
WEBlists.fedoraproject.org/pipermail/package-announce/2015-November/171052.html