CNNVD-202508-649 Information

CNNVD ID

CNNVD-202508-649

CVE-2025-54882

  • CNNVD Published: 2025-08-07

Description

Himmelblau is an open-source Azure Entra ID authentication module from the Himmelblau project. Himmelblau versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0 contain a security vulnerability that stems from the cloud TGT credential cache being stored world-readable.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Himmelblau

Published

2025-08-07

Last Modified

2026-02-24

References

  • https://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad
  • https://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a
  • https://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22
  • https://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0
  • https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83

Patch

https://himmelblau-idm.org/
