{"id":"PYSEC-2015-41","details":"providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.","aliases":["CVE-2015-5217","GHSA-6875-ff47-r6p6"],"modified":"2026-06-10T17:01:14.810879359Z","published":"2015-11-17T15:59:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"WEB","url":"https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/10/27/8"},{"type":"WEB","url":"https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1255172"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-6875-ff47-r6p6"}],"affected":[{"package":{"name":"ipsilon","ecosystem":"PyPI","purl":"pkg:pypi/ipsilon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.2.0","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ipsilon/PYSEC-2015-41.yaml"}}],"schema_version":"1.7.5"}