4.8
MEDIUM CVSS 3.1
CVE-2024-1248
Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation
Description

The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user. Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator.

INFO

Published Date :

July 4, 2026, 8:38 p.m.

Last Modified :

July 4, 2026, 8:38 p.m.

Remotely Exploit :

Yes !

Source :

WSO2
Affected Products

The following products are affected by CVE-2024-1248 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Wso2 api_manager
2 Wso2 identity_server
3 Wso2 identity_server_as_key_manager
4 Wso2 open_banking_am
5 Wso2 open_banking_iam
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM ed10eef1-636d-4fbe-9993-6890dfa878f8

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-1248 vulnerability anywhere in the article.

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.