Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met:
Attacker should have:
When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation.