Vulnerabilities in himmelblau-idm
10 results

CVE-2026-31957 (CRITICAL, EPSS 0.5%): Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
CVE-2025-49012 (MEDIUM, EPSS 0.3%): Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
CVE-2026-45108 (HIGH, EPSS 0.2%): Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
CVE-2025-53013 (MEDIUM, EPSS 0.2%): Himmelblau offline auth permits authentication with invalid Hello PIN
CVE-2025-54882 (HIGH, EPSS 0.2%): Himmelblau's Kerberos credential cache collection is world readable
CVE-2026-31979 (HIGH, EPSS 0.2%): himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache
CVE-2025-24034 (LOW, EPSS 0.2%): Himmelblau leaks credentials in the debug log
CVE-2026-34397 (MEDIUM, EPSS 0.2%): himmelblau: NSS fake-primary group lookup reintroduces name collision risk
CVE-2025-54781 (LOW, EPSS 0.1%): Himmelblau leaks an Intune service access token in its logs
CVE-2025-59044 (MEDIUM, EPSS 0.1%): Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)