CVE-2019-13347
CVE-2019-13347 is a high-severity vulnerability in Atlassian Saml Single Sign On with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.5)
- CVSS v2: 6.0
- EPSS exploit prediction: 1% (61st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Atlassian Saml Single Sign On
- Published:
- Last modified:
Description
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
Frequently asked questions
- What is CVE-2019-13347?
- An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate their accounts just by browsing the affected Jira/Confluence/Bitbucket/Bamboo instance, even when the applicable configuration option of the plugin has been disabled ("Reactivate inactive users"). Exploiting this vulnerability requires an attacker to be authorized by the identity provider and requires that the plugin's configuration option "User Update Method" have the "Update from SAML Attributes" value.
- How severe is CVE-2019-13347?
- CVE-2019-13347 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over network with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2019-13347 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (61st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-13347?
- CVE-2019-13347 primarily affects Atlassian Saml Single Sign On. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2019-13347?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2019-13347 published?
- CVE-2019-13347 was published on 2019-12-13 and last updated on 2026-06-17.
References
- https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-sso-confluence?hosting=server&tab=overview
- https://wiki.resolution.de/doc/saml-sso/latest/all/security-advisories/2019-07-11-users-are-always-re-enabled-during-login-when-updated
Affected products (4)
- cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bamboo:*:*
- cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:bitbucket:*:*
- cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:confluence:*:*
- cpe:2.3:a:atlassian:saml_single_sign_on:*:*:*:*:*:jira:*:*
More vulnerabilities in Atlassian Saml Single Sign On
- CVE-2021-37843 — Critical (CVSS 9.8): The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the…