2019-07-12 Signing Certificates not checked for expiration
Summary | IdP Token Signing Certificates were not checked for expiration |
|---|---|
Advisory Release Date | 2019/07/12 |
Products | SAML Single Sign On (SSO) for JIRA SAML Single Sign On (SSO) for Confluence SAML Single Sign On (SSO) for Bitbucket |
Affected SAML SSO versions | 2.1.0 - 3.2.2 |
Fixed SAML SSO versions | |
CVSS 3.0 Vector String | |
CVSS 3.0 Score |
Summary of Vulnerability
Due to a bug, the IdP Token Signing Certificates were not checked for expiration.
What You Need to Do
Upgrade to SAML Single Sign On (SSO) Version 2.4.8 or 3.1.0 or higher.
If you need help with either if these courses of action, please raise a support request via our Support Portal.
Support
If you have questions or concerns regarding this advisory, please raise a support request via our Support Portal.