{"id":"PYSEC-2015-42","details":"providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial of service by deleting a SAML2 Service Provider (SP).","aliases":["CVE-2015-5301","GHSA-9qp4-79q8-58pr"],"modified":"2026-06-10T17:01:14.765058183Z","published":"2015-11-17T15:59:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2015/10/27/8"},{"type":"WEB","url":"https://pagure.io/ipsilon/9dec97c3c83928d231ea10f4160523a13803e594"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1271530"},{"type":"WEB","url":"https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.2"},{"type":"WEB","url":"https://fedorahosted.org/ipsilon/wiki/Releases/v1.1.1"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171076.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171067.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171052.html"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-9qp4-79q8-58pr"}],"affected":[{"package":{"name":"ipsilon","ecosystem":"PyPI","purl":"pkg:pypi/ipsilon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.2.0","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/ipsilon/PYSEC-2015-42.yaml"}}],"schema_version":"1.7.5"}