CVE-2024-1524

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 24/02/2026
Last modified: 24/02/2026

Description

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users.

There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control.

The deployment should have:
- An IDP configured for federated authentication with Silent JIT provisioning enabled.

The malicious actor should have:
- A fresh valid user account in the federated IDP that has not been used earlier.
- Knowledge of the username of a valid user in the local IDP.
- An account at the federated IDP matching the targeted local username.
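
The preconditions above can be checked against provisioning records to find local accounts that need review. The following Python is an added example, not code from this advisory or from the affected product; the record fields, the IdP names and the case-insensitive username comparison are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProvisioningEvent:          # hypothetical record shape, not a product log format
    idp: str                      # federated IdP that authenticated the user
    username: str                 # username asserted by that IdP
    first_login: bool             # True if the federated account was never used before

def norm(name, case_sensitive):
    """Normalize a username for comparison (case folding is an assumption)."""
    name = name.strip()
    return name if case_sensitive else name.casefold()

def at_risk_events(events, silent_jit_idps, local_usernames, case_sensitive=False):
    """Return the events for which every precondition in the description holds."""
    local = {norm(u, case_sensitive) for u in local_usernames}
    hits = []
    for ev in events:
        if ev.idp not in silent_jit_idps:
            continue              # IdP does not use Silent JIT provisioning
        if not ev.first_login:
            continue              # federated account is not fresh
        if norm(ev.username, case_sensitive) in local:
            hits.append(ev)       # federated username matches a local user
    return hits

# Constructed sample data (all names are assumed for illustration)
SILENT_JIT_IDPS = {"partner-idp"}
LOCAL_USERS = ["admin", "alice", "bob"]
EVENTS = [
    ProvisioningEvent("partner-idp", "Admin", True),   # all preconditions met
    ProvisioningEvent("partner-idp", "carol", True),   # no local user with this name
    ProvisioningEvent("partner-idp", "alice", False),  # federated account already used
    ProvisioningEvent("other-idp", "bob", True),       # Silent JIT not enabled here
]

if __name__ == "__main__":
    for ev in at_risk_events(EVENTS, SILENT_JIT_IDPS, LOCAL_USERS):
        print(f"review: local user {ev.username!r} provisioned via {ev.idp}")
```

Whether usernames are compared case-sensitively depends on the user store, so set `case_sensitive` to match the deployment being audited.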