PatchSiren cyber security CVE debrief
CVE-2024-1248 WSO2 CVE debrief
CVE-2024-1248 is a medium-severity vulnerability (CVSS 3.1 base score 4.8) in the silent Just-In-Time (JIT) provisioning feature used by federated authentication in WSO2 API Manager. When a federated user shares a username with an existing local user, silent JIT provisioning overwrites the local user's roles with the roles assigned to the federated user. Exploitation requires a trusted federated identity provider (IdP) with silent JIT provisioning enabled, and an attacker who knows a local user's username and can authenticate through that IdP under the same username. The roles written to the local account are limited to those the federated IdP assigns, so the practical effect is usually that the local user loses existing privileges and is left with minimal rights, unless the IdP administrator has explicitly mapped elevated roles. The stored evidence records the CVE as published on 2026-07-04.
- Vendor
- WSO2
- Product
- WSO2 API Manager
- CVSS
- MEDIUM 4.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-04
- Original CVE updated
- 2026-07-04
- Advisory published
- 2026-07-04
- Advisory updated
- 2026-07-04
Who should care
Organizations running WSO2 API Manager (or other WSO2 products covered by WSO2 security advisory WSO2-2024-3179) that federate to an external IdP with silent JIT provisioning enabled should prioritize patching. Deployments where local accounts and federated users share a namespace are the ones at risk: an attacker who can obtain a federated identity with the same username as a local administrator can cause that administrator's roles to be replaced. Administrators of local user accounts and of federated IdP configurations should assess their exposure and act accordingly.
Technical summary
During silent JIT provisioning, the provisioning step resolves the federated username against the local user store and, when it finds an existing local account with the same username, treats that account as the provisioning target and replaces its role set with the roles mapped from the federated identity. The local user's original roles are not preserved or merged, so any role not granted by the IdP mapping is lost. The vulnerability has a CVSS 3.1 base score of 4.8 (MEDIUM) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L: network-reachable, high attack complexity (the attacker needs both a trusted IdP and a colliding username), no privileges or user interaction required, and low integrity and availability impact, the latter reflecting the loss of the local user's access. The record associates CWE-298 with this vulnerability; note that CWE-298 (Improper Validation of Certificate Expiration) does not describe the role-overwrite behaviour, so treat the CWE mapping as a catalogue entry rather than a guide to root cause.
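To make the collision concrete, the following is an added, illustrative model of silent JIT provisioning with the flawed behaviour next to a hardened variant. It is not WSO2 code: the user-store structure, the domain names PRIMARY and FEDERATED, the function names and the role names are assumptions made for the demonstration. The hardened path shows two mitigations a practitioner would expect: federated accounts are provisioned into their own user store domain, and a federated username that collides with a local account is rejected rather than silently merged.

```python
"""
Illustrative model of silent JIT provisioning and a username collision.
Added example, not WSO2 code: data structures, domain names, function
names and role names are assumptions made for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass, field


class UsernameCollision(Exception):
    """Raised when a federated identity maps onto an existing local account."""


@dataclass
class Account:
    username: str
    domain: str                      # user store domain the account lives in
    roles: set[str] = field(default_factory=set)
    federated: bool = False


@dataclass
class UserStore:
    accounts: dict[str, Account] = field(default_factory=dict)

    def key(self, domain: str, username: str) -> str:
        return f"{domain}/{username}".lower()

    def get(self, domain: str, username: str) -> Account | None:
        return self.accounts.get(self.key(domain, username))

    def put(self, acct: Account) -> None:
        self.accounts[self.key(acct.domain, acct.username)] = acct


def jit_provision_vulnerable(store: UserStore, username: str, idp_roles: set[str]) -> Account:
    """Models the flawed behaviour: the federated username is looked up in the
    PRIMARY store, the existing local account is found, and its role set is
    replaced with the roles mapped from the IdP assertion."""
    acct = store.get("PRIMARY", username) or Account(username, "PRIMARY")
    acct.roles = set(idp_roles)      # the local user's original roles are lost here
    acct.federated = True
    store.put(acct)
    return acct


def jit_provision_hardened(store: UserStore, username: str, idp_roles: set[str],
                           fed_domain: str = "FEDERATED") -> Account:
    """Federated accounts get their own domain, and a federated username that
    collides with a local PRIMARY account is rejected instead of merged."""
    if store.get("PRIMARY", username) is not None:
        raise UsernameCollision(f"{username!r} already exists as a local account")
    acct = store.get(fed_domain, username) or Account(username, fed_domain, federated=True)
    # IdP-granted roles are only ever attached to the federated record; a
    # re-login refreshes them without touching any local account.
    acct.roles = set(idp_roles)
    store.put(acct)
    return acct


def build_store() -> UserStore:
    """Constructed sample data: one privileged local user and one plain one.
    Role names are illustrative, not a statement about any product's defaults."""
    store = UserStore()
    store.put(Account("alice", "PRIMARY", {"admin", "Internal/publisher"}))
    store.put(Account("bob", "PRIMARY", {"Internal/subscriber"}))
    return store


def demo() -> dict:
    """Runs both code paths against a colliding federated 'alice' and returns
    the resulting state so the difference can be checked."""
    idp_roles = {"Internal/subscriber"}      # the minimal role the IdP maps

    vuln = build_store()
    jit_provision_vulnerable(vuln, "alice", idp_roles)
    after_vuln = vuln.get("PRIMARY", "alice").roles

    hard = build_store()
    try:
        jit_provision_hardened(hard, "alice", idp_roles)
        rejected = False
    except UsernameCollision:
        rejected = True
    after_hard = hard.get("PRIMARY", "alice").roles
    carol = jit_provision_hardened(hard, "carol", idp_roles)   # no collision: provisions normally

    return {
        "vulnerable_alice_roles": after_vuln,
        "hardened_alice_roles": after_hard,
        "collision_rejected": rejected,
        "carol_domain": carol.domain,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the block shows the local administrator's role set collapsing to the IdP-mapped role on the vulnerable path, while on the hardened path the local account is untouched, the colliding login is refused, and a non-colliding federated user is still provisioned into the separate domain. Rejecting the collision is the conservative choice; merging role sets instead would turn the same bug into a privilege-escalation path if the IdP ever mapped elevated roles.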
Defensive priority
Apply patches or disable silent JIT provisioning if not required. Review and restrict federated IDP role assignments to minimize potential impact.
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the silent JIT provisioning vulnerability.
- Disable silent JIT provisioning if not required, and review federated IDP configurations.
- Restrict federated IDP role assignments to minimize potential impact.
- Monitor audit logs for role changes on local accounts that coincide with federated logins under the same username, particularly changes that remove privileged roles.
- Review and update local user account management processes to account for federated user interactions.
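The monitoring item above can be turned into a concrete check. The following is an added detection sketch, not WSO2 tooling: the audit line format is constructed for the demonstration and does not match WSO2's audit log format, so the parser would need to be adapted to what a real deployment emits. It flags a system-initiated role update that follows a federated login for the same username within a short window and that removes roles, which is the signature of the overwrite described in this debrief; a first-time JIT user with no prior roles is deliberately not flagged.

```python
"""
Detection sketch for 'federated login silently rewrote a local user's roles'.
Added example, not WSO2 tooling: the log format, field names and the
PRIVILEGED role list are constructed assumptions for the demonstration.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta

# Constructed sample audit lines (not a real WSO2 log format).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z LOGIN user=alice source=federated idp=partner-saml
2024-03-01T10:00:02Z ROLE_UPDATE user=alice before=admin,Internal/publisher after=Internal/subscriber actor=SYSTEM
2024-03-01T11:00:00Z LOGIN user=bob source=local
2024-03-01T11:05:00Z ROLE_UPDATE user=bob before=Internal/subscriber after=Internal/subscriber,Internal/creator actor=admin
2024-03-01T12:00:00Z LOGIN user=carol source=federated idp=partner-saml
2024-03-01T12:00:01Z ROLE_UPDATE user=carol before= after=Internal/subscriber actor=SYSTEM
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>[A-Z_]+) (?P<kv>.*)$")
PRIVILEGED = {"admin", "Internal/publisher"}   # assumed: roles whose loss matters most


def parse_line(line: str) -> dict | None:
    """Parses one 'timestamp EVENT k=v k=v ...' line; returns None on junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), "event": m["event"]}
    for pair in m["kv"].split():
        k, _, v = pair.partition("=")
        rec[k] = v
    return rec


def roles(s: str) -> set[str]:
    """Splits a comma-separated role list; an empty field yields an empty set."""
    return {r for r in s.split(",") if r}


def find_role_overwrites(log_text: str, window: timedelta = timedelta(seconds=30)) -> list[dict]:
    """Flags system-initiated ROLE_UPDATE events that follow a federated LOGIN
    for the same username within `window` and that removed at least one role.
    The log is assumed to be in chronological order."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    last_fed_login: dict[str, datetime] = {}
    findings: list[dict] = []
    for r in records:
        if r["event"] == "LOGIN" and r.get("source") == "federated":
            last_fed_login[r["user"]] = r["ts"]
        elif r["event"] == "ROLE_UPDATE" and r.get("actor") == "SYSTEM":
            login_ts = last_fed_login.get(r["user"])
            if login_ts is None or r["ts"] - login_ts > window:
                continue
            removed = roles(r.get("before", "")) - roles(r.get("after", ""))
            if removed:               # a brand-new JIT user loses nothing and is skipped
                findings.append({
                    "user": r["user"],
                    "ts": r["ts"].isoformat(),
                    "removed_roles": removed,
                    "privileged_lost": bool(removed & PRIVILEGED),
                })
    return findings


if __name__ == "__main__":
    for finding in find_role_overwrites(SAMPLE_LOG):
        print(finding)
```

On the sample data only alice is reported: bob's change was made by a human administrator, and carol is a genuine first-time federated user. In a real deployment the same logic would run against the identity server's audit trail, and a hit on a local account (rather than one in a dedicated federated user store) is the event to investigate and to reconcile against an expected role baseline.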
Evidence notes
The CVE record and NVD detail provide official information on CVE-2024-1248. A WSO2 security advisory (WSO2-2024-3179) is referenced, suggesting potential impact on WSO2 products. The vulnerability's details and CVSS score are based on official sources.
Official resources
- CVE-2024-1248 CVE record (CVE.org)
- CVE-2024-1248 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: ed10eef1-636d-4fbe-9993-6890dfa878f8
This article is AI-assisted and based on the supplied source corpus.