PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-1248 WSO2 CVE debrief

CVE-2024-1248 is a medium-severity vulnerability (CVSS Score: 4.8) affecting the silent Just-In-Time (JIT) provisioning feature in federated authentication implementations. The vulnerability allows an attacker to overwrite existing roles of local users with roles assigned to a federated user when a federated user shares a username with a local user. This issue requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. The overwritten roles are limited to those defined within the federated IDP. Exploitation could grant minimal access rights unless explicitly configured otherwise by the federated IDP administrator. Evidence from official sources indicates this vulnerability was published on 2026-07-04.

Vendor
WSO2
Product
WSO2 API Manager
CVSS
MEDIUM 4.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-04
Original CVE updated
2026-07-04
Advisory published
2026-07-04
Advisory updated
2026-07-04

Who should care

Organizations that use federated authentication with silent JIT provisioning enabled should prioritize patching. In particular, deployments of WSO2 products may be affected, as indicated by the WSO2 security advisory. Administrators of local user accounts and of federated IDP configurations must assess their exposure and act accordingly.

Technical summary

The silent JIT provisioning feature fails to keep the roles of an existing local user separate from those of a federated user who shares the same username: when the federated user is provisioned, the roles assigned by the federated IDP overwrite the local user's existing roles. The vulnerability has a CVSS Score of 4.8 and a CVSS Severity of MEDIUM. The CVSS Vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L. CWE-298 is associated with this vulnerability.

Defensive priority

Apply patches or disable silent JIT provisioning if not required. Review and restrict federated IDP role assignments to minimize potential impact.

Recommended defensive actions

  • Apply patches or updates provided by the vendor to fix the silent JIT provisioning vulnerability.
  • Disable silent JIT provisioning if not required, and review federated IDP configurations.
  • Restrict federated IDP role assignments to minimize potential impact.
  • Monitor for suspicious activity related to user role changes.
  • Review and update local user account management processes to account for federated user interactions.
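As an added illustration (not WSO2 code) of the overwrite described in the technical summary and of the role-change monitoring recommended above: a toy user store with the flawed provisioning path, a hardened variant that keeps IDP-asserted roles out of the local role set (an assumed design, not the vendor's patch), and a snapshot comparison that flags local accounts whose roles changed. All names are hypothetical.

```python
# Added example (not WSO2 code): a toy user store modelling the silent-JIT
# role overwrite described in the debrief, a hardened variant that keeps
# IDP-supplied roles out of the local role set (an assumed mitigation design,
# not the vendor's patch), and a check that flags local accounts whose
# locally managed roles changed across a provisioning event.
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    origin: str                                        # "local" or an IDP name
    roles: set = field(default_factory=set)            # roles managed locally
    federated_roles: set = field(default_factory=set)  # roles asserted by IDP


class UserStore:
    def __init__(self):
        self.users = {}

    def add_local(self, username, roles):
        self.users[username] = User(username, "local", set(roles))

    def snapshot_local_roles(self):
        """Capture local accounts' role sets before a federated login."""
        return {u.username: set(u.roles)
                for u in self.users.values() if u.origin == "local"}

    def jit_provision_vulnerable(self, username, idp, idp_roles):
        """Flawed behaviour: a colliding username is treated as the federated
        user and its whole role set is replaced by the IDP-assigned roles."""
        user = self.users.setdefault(username, User(username, idp))
        user.roles = set(idp_roles)          # existing local roles are lost
        return user

    def jit_provision_hardened(self, username, idp, idp_roles):
        """Assumed mitigation: an existing account keeps its local roles;
        IDP roles are stored separately so policy can scope their use."""
        user = self.users.get(username)
        if user is None:
            user = User(username, idp)
            self.users[username] = user
        user.federated_roles = set(idp_roles)
        return user


def detect_role_overwrites(before, store):
    """Return local usernames whose locally managed roles differ from the
    snapshot; a hit right after a JIT provisioning event needs investigation."""
    after = store.snapshot_local_roles()
    return sorted(u for u, roles in before.items() if after.get(u) != roles)
```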

Evidence notes

The CVE record and NVD detail provide official information on CVE-2024-1248. A WSO2 security advisory (WSO2-2024-3179) is referenced, suggesting potential impact on WSO2 products. The vulnerability's details and CVSS score are based on official sources.

Official resources

This article is AI-assisted and based on the supplied source corpus.