Search
Find a vulnerability
Search criteria
20 vulnerabilities by himmelblau-idm
CVE-2026-45108 (GCVE-0-2026-45108)
Vulnerability from nvd – Published: 2026-05-27 18:53 – Updated: 2026-05-28 13:54
VLAI
Title
Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix session as another user by providing their own valid credentials. The vulnerability existed in the token_validate function, which validated domain aliases for legitimate multi-domain scenarios but failed to verify that the local part (username) of the authenticated user's UPN matched the requested account username. The function only compared domains, not the complete usernames. This vulnerability is fixed in 3.1.5 and 2.3.11.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 2.0.0, < 2.3.11
Affected: >= 3.0.0-alpha, < 3.1.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:54:48.811361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:54:57.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.3.11"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha, \u003c 3.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix session as another user by providing their own valid credentials. The vulnerability existed in the token_validate function, which validated domain aliases for legitimate multi-domain scenarios but failed to verify that the local part (username) of the authenticated user\u0027s UPN matched the requested account username. The function only compared domains, not the complete usernames. This vulnerability is fixed in 3.1.5 and 2.3.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:53:29.232Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-pmxh-j4r6-88mv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-pmxh-j4r6-88mv"
}
],
"source": {
"advisory": "GHSA-pmxh-j4r6-88mv",
"discovery": "UNKNOWN"
},
"title": "Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45108",
"datePublished": "2026-05-27T18:53:29.232Z",
"dateReserved": "2026-05-08T19:27:26.699Z",
"dateUpdated": "2026-05-28T13:54:57.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34397 (GCVE-0-2026-34397)
Vulnerability from nvd – Published: 2026-04-01 17:25 – Updated: 2026-04-04 03:05
VLAI
Title
himmelblau: NSS fake-primary group lookup reintroduces name collision risk
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 2.0.0-alpha, < 2.3.9
Affected: >= 3.0.0-alpha, < 3.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34397",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-04T03:04:22.143352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T03:05:13.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-alpha, \u003c 2.3.9"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha, \u003c 3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., \"sudo\", \"wheel\", \"docker\", \"adm\") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:25:06.034Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-v7xx-7mqc-g835",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-v7xx-7mqc-g835"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/2.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/2.3.9"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/3.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/3.1.1"
}
],
"source": {
"advisory": "GHSA-v7xx-7mqc-g835",
"discovery": "UNKNOWN"
},
"title": "himmelblau: NSS fake-primary group lookup reintroduces name collision risk"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34397",
"datePublished": "2026-04-01T17:25:06.034Z",
"dateReserved": "2026-03-27T13:45:29.619Z",
"dateUpdated": "2026-04-04T03:05:13.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31979 (GCVE-0-2026-31979)
Vulnerability from nvd – Published: 2026-03-11 19:47 – Updated: 2026-03-11 20:07
VLAI
Title
himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_<uid> without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon's systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 1.0.0, < 2.3.8
Affected: >= 3.0.0-alpha, < 3.1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T20:07:04.015032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:07:29.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 2.3.8"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha, \u003c 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_\u003cuid\u003e without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon\u0027s systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T19:47:05.935Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-44wm-q286-ghq3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-44wm-q286-ghq3"
}
],
"source": {
"advisory": "GHSA-44wm-q286-ghq3",
"discovery": "UNKNOWN"
},
"title": "himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31979",
"datePublished": "2026-03-11T19:47:05.935Z",
"dateReserved": "2026-03-10T15:40:10.487Z",
"dateUpdated": "2026-03-11T20:07:29.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31957 (GCVE-0-2026-31957)
Vulnerability from nvd – Published: 2026-03-11 19:25 – Updated: 2026-03-12 20:00
VLAI
Title
Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 3.0.0, < 3.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T20:00:34.426187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T20:00:41.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T19:25:21.230Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v"
}
],
"source": {
"advisory": "GHSA-q746-m2wv-qh4v",
"discovery": "UNKNOWN"
},
"title": "Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31957",
"datePublished": "2026-03-11T19:25:21.230Z",
"dateReserved": "2026-03-10T15:40:10.480Z",
"dateUpdated": "2026-03-12T20:00:41.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59044 (GCVE-0-2025-59044)
Vulnerability from nvd – Published: 2025-09-09 22:31 – Updated: 2025-09-10 16:06
VLAI
Title
Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple groups with the same `displayName` (including end-user–created personal/O365 groups, depending on tenant policy), distinct directory groups can collapse to the same numeric GID on Linux. This issue only applies to Himmelblau versions 0.9.0 through 0.9.22. Any resource or service on a Himmelblau-joined host that enforces authorization by numeric GID (files/dirs, etc.) can be unintentionally accessible to a user who creates or joins a different Entra/O365 group that happens to share the same `displayName` as a privileged security group. Users should upgrade to 0.9.23, or 1.0.0 or later, to receive a patch. Group to GID mapping now uses Entra ID object IDs (GUIDs) and does not collide on same-name groups. As a workaround, use tenant policy hardening to restrict arbitrary group creation until all hosts are patched.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.9.0, < 0.9.23
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T15:55:27.654941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T16:06:02.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.0, \u003c 0.9.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple groups with the same `displayName` (including end-user\u2013created personal/O365 groups, depending on tenant policy), distinct directory groups can collapse to the same numeric GID on Linux. This issue only applies to Himmelblau versions 0.9.0 through 0.9.22. Any resource or service on a Himmelblau-joined host that enforces authorization by numeric GID (files/dirs, etc.) can be unintentionally accessible to a user who creates or joins a different Entra/O365 group that happens to share the same `displayName` as a privileged security group. Users should upgrade to 0.9.23, or 1.0.0 or later, to receive a patch. Group to GID mapping now uses Entra ID object IDs (GUIDs) and does not collide on same-name groups. As a workaround, use tenant policy hardening to restrict arbitrary group creation until all hosts are patched."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T22:31:39.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-2m43-mmg9-3rgc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-2m43-mmg9-3rgc"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/76c5b41df7f89378af65dc7c0d0484d7d41b3281",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/76c5b41df7f89378af65dc7c0d0484d7d41b3281"
}
],
"source": {
"advisory": "GHSA-2m43-mmg9-3rgc",
"discovery": "UNKNOWN"
},
"title": "Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59044",
"datePublished": "2025-09-09T22:31:39.480Z",
"dateReserved": "2025-09-08T16:19:26.172Z",
"dateUpdated": "2025-09-10T16:06:02.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54882 (GCVE-0-2025-54882)
Vulnerability from nvd – Published: 2025-08-07 00:02 – Updated: 2025-08-07 14:32
VLAI
Title
Himmelblau's Kerberos credential cache collection is world readable
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.8.0, < 0.9.22
Affected: >= 1.0.0-beta, < 1.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54882",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T14:31:57.797950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T14:32:00.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.8.0, \u003c 0.9.22"
},
{
"status": "affected",
"version": "\u003e= 1.0.0-beta, \u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T00:02:09.263Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0"
}
],
"source": {
"advisory": "GHSA-phfx-rjfw-wj83",
"discovery": "UNKNOWN"
},
"title": "Himmelblau\u0027s Kerberos credential cache collection is world readable"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54882",
"datePublished": "2025-08-07T00:02:09.263Z",
"dateReserved": "2025-07-31T17:23:33.476Z",
"dateUpdated": "2025-08-07T14:32:00.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54781 (GCVE-0-2025-54781)
Vulnerability from nvd – Published: 2025-08-01 23:35 – Updated: 2025-08-04 15:26
VLAI
Title
Himmelblau leaks an Intune service access token in its logs
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 1.0.0, < 1.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T15:25:54.698379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T15:26:00.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host\u0027s Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T23:35:23.713Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-78qg-vmrw-574w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-78qg-vmrw-574w"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/2d512bded90ac6a54fcdf737b43ff5d9d4cdb59e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/2d512bded90ac6a54fcdf737b43ff5d9d4cdb59e"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.1.0"
}
],
"source": {
"advisory": "GHSA-78qg-vmrw-574w",
"discovery": "UNKNOWN"
},
"title": "Himmelblau leaks an Intune service access token in its logs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54781",
"datePublished": "2025-08-01T23:35:23.713Z",
"dateReserved": "2025-07-29T16:50:28.391Z",
"dateUpdated": "2025-08-04T15:26:00.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53013 (GCVE-0-2025-53013)
Vulnerability from nvd – Published: 2025-06-26 18:02 – Updated: 2025-08-20 19:29
VLAI
Title
Himmelblau offline auth permits authentication with invalid Hello PIN
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://www.vicarius.io/vsociety/posts/cve-2025-5… | |
| https://www.vicarius.io/vsociety/posts/cve-2025-5… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.9.10, < 0.9.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T18:37:35.779863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T18:47:31.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:29:16.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-53013-detect-himmelblau-vulnerable-configuration"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-53013-mitigate-himmelblau-vulnerable-configuration"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.10, \u003c 0.9.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T18:02:31.828Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-j93j-pwm6-p97j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-j93j-pwm6-p97j"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/64b03739f1d5ee472b1cff3ed20ed9af1c65a6f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/64b03739f1d5ee472b1cff3ed20ed9af1c65a6f8"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/78477d684df710d57c10091c87b92665cfac98ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/78477d684df710d57c10091c87b92665cfac98ae"
}
],
"source": {
"advisory": "GHSA-j93j-pwm6-p97j",
"discovery": "UNKNOWN"
},
"title": "Himmelblau offline auth permits authentication with invalid Hello PIN"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53013",
"datePublished": "2025-06-26T18:02:31.828Z",
"dateReserved": "2025-06-24T03:50:36.796Z",
"dateUpdated": "2025-08-20T19:29:16.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49012 (GCVE-0-2025-49012)
Vulnerability from nvd – Published: 2025-06-05 22:29 – Updated: 2025-06-09 14:47
VLAI
Title
Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API—even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/issues/554 | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://learn.microsoft.com/en-us/answers/questio… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.9.0, < 0.9.15
Affected: = 1.0.0-alpha |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T14:47:15.271416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T14:47:19.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.0, \u003c 0.9.15"
},
{
"status": "affected",
"version": "= 1.0.0-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API\u2014even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `\"Allow-Linux-Login\"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T22:29:40.744Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/issues/554",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/issues/554"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/918577f6a8392a71d9d3d67f20962c372a0c01c6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/918577f6a8392a71d9d3d67f20962c372a0c01c6"
},
{
"name": "https://learn.microsoft.com/en-us/answers/questions/1035045/azure-ad-b2c-creates-groups-with-the-same-name-usi?utm_source=chatgpt.com",
"tags": [
"x_refsource_MISC"
],
"url": "https://learn.microsoft.com/en-us/answers/questions/1035045/azure-ad-b2c-creates-groups-with-the-same-name-usi?utm_source=chatgpt.com"
}
],
"source": {
"advisory": "GHSA-gcxr-m95v-qcf7",
"discovery": "UNKNOWN"
},
"title": "Himmelblau\u0027s Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49012",
"datePublished": "2025-06-05T22:29:40.744Z",
"dateReserved": "2025-05-29T16:34:07.176Z",
"dateUpdated": "2025-06-09T14:47:19.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24034 (GCVE-0-2025-24034)
Vulnerability from nvd – Published: 2025-01-23 17:38 – Updated: 2025-02-12 20:41
VLAI
Title
Himmelblau leaks credentials in the debug log
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://manpages.opensuse.org/Tumbleweed/himmelbl… | x_refsource_MISC |
| https://manpages.opensuse.org/Tumbleweed/himmelbl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.7.0, < 0.7.15
Affected: >= 0.8.0, < 0.8.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T18:58:21.320182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:29.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0, \u003c 0.7.15"
},
{
"status": "affected",
"version": "\u003e= 0.8.0, \u003c 0.8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T17:38:57.957Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-p989-2f5w-9cf6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-p989-2f5w-9cf6"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/1216804f15ce5dc74bb5da48b5508c41d2ece8fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/1216804f15ce5dc74bb5da48b5508c41d2ece8fa"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.7.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.7.15"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.8.3"
},
{
"name": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblau.conf.5.en.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblau.conf.5.en.html"
},
{
"name": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblaud.8.en.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblaud.8.en.html"
}
],
"source": {
"advisory": "GHSA-p989-2f5w-9cf6",
"discovery": "UNKNOWN"
},
"title": "Himmelblau leaks credentials in the debug log"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24034",
"datePublished": "2025-01-23T17:38:57.957Z",
"dateReserved": "2025-01-16T17:31:06.461Z",
"dateUpdated": "2025-02-12T20:41:29.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-45108 (GCVE-0-2026-45108)
Vulnerability from cvelistv5 – Published: 2026-05-27 18:53 – Updated: 2026-05-28 13:54
VLAI
Title
Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix session as another user by providing their own valid credentials. The vulnerability existed in the token_validate function, which validated domain aliases for legitimate multi-domain scenarios but failed to verify that the local part (username) of the authenticated user's UPN matched the requested account username. The function only compared domains, not the complete usernames. This vulnerability is fixed in 3.1.5 and 2.3.11.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 2.0.0, < 2.3.11
Affected: >= 3.0.0-alpha, < 3.1.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:54:48.811361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:54:57.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.3.11"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha, \u003c 3.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix session as another user by providing their own valid credentials. The vulnerability existed in the token_validate function, which validated domain aliases for legitimate multi-domain scenarios but failed to verify that the local part (username) of the authenticated user\u0027s UPN matched the requested account username. The function only compared domains, not the complete usernames. This vulnerability is fixed in 3.1.5 and 2.3.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T18:53:29.232Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-pmxh-j4r6-88mv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-pmxh-j4r6-88mv"
}
],
"source": {
"advisory": "GHSA-pmxh-j4r6-88mv",
"discovery": "UNKNOWN"
},
"title": "Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45108",
"datePublished": "2026-05-27T18:53:29.232Z",
"dateReserved": "2026-05-08T19:27:26.699Z",
"dateUpdated": "2026-05-28T13:54:57.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34397 (GCVE-0-2026-34397)
Vulnerability from cvelistv5 – Published: 2026-04-01 17:25 – Updated: 2026-04-04 03:05
VLAI
Title
himmelblau: NSS fake-primary group lookup reintroduces name collision risk
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., "sudo", "wheel", "docker", "adm") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1.
Severity
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 2.0.0-alpha, < 2.3.9
Affected: >= 3.0.0-alpha, < 3.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34397",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-04T03:04:22.143352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T03:05:13.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0-alpha, \u003c 2.3.9"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha, \u003c 3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., \"sudo\", \"wheel\", \"docker\", \"adm\") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:25:06.034Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-v7xx-7mqc-g835",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-v7xx-7mqc-g835"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/2.3.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/2.3.9"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/3.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/3.1.1"
}
],
"source": {
"advisory": "GHSA-v7xx-7mqc-g835",
"discovery": "UNKNOWN"
},
"title": "himmelblau: NSS fake-primary group lookup reintroduces name collision risk"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34397",
"datePublished": "2026-04-01T17:25:06.034Z",
"dateReserved": "2026-03-27T13:45:29.619Z",
"dateUpdated": "2026-04-04T03:05:13.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31979 (GCVE-0-2026-31979)
Vulnerability from cvelistv5 – Published: 2026-03-11 19:47 – Updated: 2026-03-11 20:07
VLAI
Title
himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_<uid> without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon's systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 1.0.0, < 2.3.8
Affected: >= 3.0.0-alpha, < 3.1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T20:07:04.015032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:07:29.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 2.3.8"
},
{
"status": "affected",
"version": "\u003e= 3.0.0-alpha, \u003c 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_\u003cuid\u003e without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon\u0027s systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T19:47:05.935Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-44wm-q286-ghq3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-44wm-q286-ghq3"
}
],
"source": {
"advisory": "GHSA-44wm-q286-ghq3",
"discovery": "UNKNOWN"
},
"title": "himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31979",
"datePublished": "2026-03-11T19:47:05.935Z",
"dateReserved": "2026-03-10T15:40:10.487Z",
"dateUpdated": "2026-03-11T20:07:29.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31957 (GCVE-0-2026-31957)
Vulnerability from cvelistv5 – Published: 2026-03-11 19:25 – Updated: 2026-03-12 20:00
VLAI
Title
Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 3.0.0, < 3.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T20:00:34.426187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T20:00:41.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T19:25:21.230Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-q746-m2wv-qh4v"
}
],
"source": {
"advisory": "GHSA-q746-m2wv-qh4v",
"discovery": "UNKNOWN"
},
"title": "Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31957",
"datePublished": "2026-03-11T19:25:21.230Z",
"dateReserved": "2026-03-10T15:40:10.480Z",
"dateUpdated": "2026-03-12T20:00:41.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59044 (GCVE-0-2025-59044)
Vulnerability from cvelistv5 – Published: 2025-09-09 22:31 – Updated: 2025-09-10 16:06
VLAI
Title
Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple groups with the same `displayName` (including end-user–created personal/O365 groups, depending on tenant policy), distinct directory groups can collapse to the same numeric GID on Linux. This issue only applies to Himmelblau versions 0.9.0 through 0.9.22. Any resource or service on a Himmelblau-joined host that enforces authorization by numeric GID (files/dirs, etc.) can be unintentionally accessible to a user who creates or joins a different Entra/O365 group that happens to share the same `displayName` as a privileged security group. Users should upgrade to 0.9.23, or 1.0.0 or later, to receive a patch. Group to GID mapping now uses Entra ID object IDs (GUIDs) and does not collide on same-name groups. As a workaround, use tenant policy hardening to restrict arbitrary group creation until all hosts are patched.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.9.0, < 0.9.23
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T15:55:27.654941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T16:06:02.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.0, \u003c 0.9.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf `id_attr_map = name` (the default configuration). Because Microsoft Entra ID allows multiple groups with the same `displayName` (including end-user\u2013created personal/O365 groups, depending on tenant policy), distinct directory groups can collapse to the same numeric GID on Linux. This issue only applies to Himmelblau versions 0.9.0 through 0.9.22. Any resource or service on a Himmelblau-joined host that enforces authorization by numeric GID (files/dirs, etc.) can be unintentionally accessible to a user who creates or joins a different Entra/O365 group that happens to share the same `displayName` as a privileged security group. Users should upgrade to 0.9.23, or 1.0.0 or later, to receive a patch. Group to GID mapping now uses Entra ID object IDs (GUIDs) and does not collide on same-name groups. As a workaround, use tenant policy hardening to restrict arbitrary group creation until all hosts are patched."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T22:31:39.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-2m43-mmg9-3rgc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-2m43-mmg9-3rgc"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/76c5b41df7f89378af65dc7c0d0484d7d41b3281",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/76c5b41df7f89378af65dc7c0d0484d7d41b3281"
}
],
"source": {
"advisory": "GHSA-2m43-mmg9-3rgc",
"discovery": "UNKNOWN"
},
"title": "Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59044",
"datePublished": "2025-09-09T22:31:39.480Z",
"dateReserved": "2025-09-08T16:19:26.172Z",
"dateUpdated": "2025-09-10T16:06:02.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54882 (GCVE-0-2025-54882)
Vulnerability from cvelistv5 – Published: 2025-08-07 00:02 – Updated: 2025-08-07 14:32
VLAI
Title
Himmelblau's Kerberos credential cache collection is world readable
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.8.0, < 0.9.22
Affected: >= 1.0.0-beta, < 1.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54882",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-07T14:31:57.797950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T14:32:00.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.8.0, \u003c 0.9.22"
},
{
"status": "affected",
"version": "\u003e= 1.0.0-beta, \u003c 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T00:02:09.263Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0"
}
],
"source": {
"advisory": "GHSA-phfx-rjfw-wj83",
"discovery": "UNKNOWN"
},
"title": "Himmelblau\u0027s Kerberos credential cache collection is world readable"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54882",
"datePublished": "2025-08-07T00:02:09.263Z",
"dateReserved": "2025-07-31T17:23:33.476Z",
"dateUpdated": "2025-08-07T14:32:00.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54781 (GCVE-0-2025-54781)
Vulnerability from cvelistv5 – Published: 2025-08-01 23:35 – Updated: 2025-08-04 15:26
VLAI
Title
Himmelblau leaks an Intune service access token in its logs
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 1.0.0, < 1.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T15:25:54.698379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T15:26:00.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host\u0027s Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T23:35:23.713Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-78qg-vmrw-574w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-78qg-vmrw-574w"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/2d512bded90ac6a54fcdf737b43ff5d9d4cdb59e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/2d512bded90ac6a54fcdf737b43ff5d9d4cdb59e"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/1.1.0"
}
],
"source": {
"advisory": "GHSA-78qg-vmrw-574w",
"discovery": "UNKNOWN"
},
"title": "Himmelblau leaks an Intune service access token in its logs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54781",
"datePublished": "2025-08-01T23:35:23.713Z",
"dateReserved": "2025-07-29T16:50:28.391Z",
"dateUpdated": "2025-08-04T15:26:00.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53013 (GCVE-0-2025-53013)
Vulnerability from cvelistv5 – Published: 2025-06-26 18:02 – Updated: 2025-08-20 19:29
VLAI
Title
Himmelblau offline auth permits authentication with invalid Hello PIN
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://www.vicarius.io/vsociety/posts/cve-2025-5… | |
| https://www.vicarius.io/vsociety/posts/cve-2025-5… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.9.10, < 0.9.17
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T18:37:35.779863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T18:47:31.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-20T19:29:16.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-53013-detect-himmelblau-vulnerable-configuration"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-53013-mitigate-himmelblau-vulnerable-configuration"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.10, \u003c 0.9.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T18:02:31.828Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-j93j-pwm6-p97j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-j93j-pwm6-p97j"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/64b03739f1d5ee472b1cff3ed20ed9af1c65a6f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/64b03739f1d5ee472b1cff3ed20ed9af1c65a6f8"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/78477d684df710d57c10091c87b92665cfac98ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/78477d684df710d57c10091c87b92665cfac98ae"
}
],
"source": {
"advisory": "GHSA-j93j-pwm6-p97j",
"discovery": "UNKNOWN"
},
"title": "Himmelblau offline auth permits authentication with invalid Hello PIN"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53013",
"datePublished": "2025-06-26T18:02:31.828Z",
"dateReserved": "2025-06-24T03:50:36.796Z",
"dateUpdated": "2025-08-20T19:29:16.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49012 (GCVE-0-2025-49012)
Vulnerability from cvelistv5 – Published: 2025-06-05 22:29 – Updated: 2025-06-09 14:47
VLAI
Title
Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API—even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/issues/554 | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://learn.microsoft.com/en-us/answers/questio… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.9.0, < 0.9.15
Affected: = 1.0.0-alpha |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T14:47:15.271416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T14:47:19.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.0, \u003c 0.9.15"
},
{
"status": "affected",
"version": "= 1.0.0-alpha"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API\u2014even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `\"Allow-Linux-Login\"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T22:29:40.744Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/issues/554",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/issues/554"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/918577f6a8392a71d9d3d67f20962c372a0c01c6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/918577f6a8392a71d9d3d67f20962c372a0c01c6"
},
{
"name": "https://learn.microsoft.com/en-us/answers/questions/1035045/azure-ad-b2c-creates-groups-with-the-same-name-usi?utm_source=chatgpt.com",
"tags": [
"x_refsource_MISC"
],
"url": "https://learn.microsoft.com/en-us/answers/questions/1035045/azure-ad-b2c-creates-groups-with-the-same-name-usi?utm_source=chatgpt.com"
}
],
"source": {
"advisory": "GHSA-gcxr-m95v-qcf7",
"discovery": "UNKNOWN"
},
"title": "Himmelblau\u0027s Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49012",
"datePublished": "2025-06-05T22:29:40.744Z",
"dateReserved": "2025-05-29T16:34:07.176Z",
"dateUpdated": "2025-06-09T14:47:19.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24034 (GCVE-0-2025-24034)
Vulnerability from cvelistv5 – Published: 2025-01-23 17:38 – Updated: 2025-02-12 20:41
VLAI
Title
Himmelblau leaks credentials in the debug log
Summary
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/himmelblau-idm/himmelblau/secu… | x_refsource_CONFIRM |
| https://github.com/himmelblau-idm/himmelblau/comm… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://github.com/himmelblau-idm/himmelblau/rele… | x_refsource_MISC |
| https://manpages.opensuse.org/Tumbleweed/himmelbl… | x_refsource_MISC |
| https://manpages.opensuse.org/Tumbleweed/himmelbl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| himmelblau-idm | himmelblau |
Affected:
>= 0.7.0, < 0.7.15
Affected: >= 0.8.0, < 0.8.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T18:58:21.320182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:29.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "himmelblau",
"vendor": "himmelblau-idm",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.7.0, \u003c 0.7.15"
},
{
"status": "affected",
"version": "\u003e= 0.8.0, \u003c 0.8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T17:38:57.957Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-p989-2f5w-9cf6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-p989-2f5w-9cf6"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/commit/1216804f15ce5dc74bb5da48b5508c41d2ece8fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/commit/1216804f15ce5dc74bb5da48b5508c41d2ece8fa"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.7.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.7.15"
},
{
"name": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/himmelblau-idm/himmelblau/releases/tag/0.8.3"
},
{
"name": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblau.conf.5.en.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblau.conf.5.en.html"
},
{
"name": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblaud.8.en.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblaud.8.en.html"
}
],
"source": {
"advisory": "GHSA-p989-2f5w-9cf6",
"discovery": "UNKNOWN"
},
"title": "Himmelblau leaks credentials in the debug log"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24034",
"datePublished": "2025-01-23T17:38:57.957Z",
"dateReserved": "2025-01-16T17:31:06.461Z",
"dateUpdated": "2025-02-12T20:41:29.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}