Prowler
Monthly
Cross-tenant account takeover in Prowler (cloud security platform) before 5.30.3 lets an authenticated attacker who operates a controlled SAML IdP obtain a tenant-scoped JWT for a victim tenant. The ACS finish logic in api/src/backend/api/v1/views.py derived the destination tenant from the user-asserted email domain rather than binding token issuance to the validated SAML configuration, so an attacker completing a legitimate SAML flow for their own domain while asserting a victim-domain email address receives a SAMLToken and JWT for the wrong tenant. Rated CVSS 9.6 (scope-changing); no public exploit identified at time of analysis and it is not listed in CISA KEV.
Cross-tenant account takeover in Prowler (cloud security platform) before 5.30.3 lets an authenticated attacker who operates a controlled SAML IdP obtain a tenant-scoped JWT for a victim tenant. The ACS finish logic in api/src/backend/api/v1/views.py derived the destination tenant from the user-asserted email domain rather than binding token issuance to the validated SAML configuration, so an attacker completing a legitimate SAML flow for their own domain while asserting a victim-domain email address receives a SAMLToken and JWT for the wrong tenant. Rated CVSS 9.6 (scope-changing); no public exploit identified at time of analysis and it is not listed in CISA KEV.