admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-46xx/CVE-2023-4612.json
cad-safe-bot bdc74a7bb4 Auto-Update: 2024-10-10T18:00:18.882198+00:00
2024-10-10 18:03:19 +00:00

133 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-4612",
"sourceIdentifier": "cvd@cert.pl",
"published": "2023-11-09T14:15:08.183",
"lastModified": "2024-10-10T16:15:07.260",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Apereo CAS in\u00a0jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability."
},
{
"lang": "es",
"value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en Apereo CAS en jakarta.servlet.http.HttpServletRequest.getRemoteAddr permite omitir la autenticaci\u00f3n multifactor. Este problema afecta a CAS: hasta 7.0.0-RC7. Se desconoce si en las nuevas versiones se solucionar\u00e1 el problema. Para la fecha de publicaci\u00f3n no existe ning\u00fan parche y el proveedor no lo trata como una vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "cvd@cert.pl",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-302"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.0",
"matchCriteriaId": "E724510C-AE63-4436-90F9-D688D9F1BF81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "21DF5E84-0799-4301-BDE0-FD4DE43845E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "97724FE8-EF13-4B89-BD38-3D1E8489B932"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0E231FEB-5DAF-4A89-BABF-51F248C7B1AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9CE1DFD4-C7AD-4811-AE6B-F674F5C00BCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "55798B47-3A4A-4261-BE73-CA1B7A53390B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "141E626C-5B40-4BAA-A4F6-5057F98E6F1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "3D2D6BDE-6F2E-47F3-8C71-0D27EE567AF4"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.pl/en/posts/2023/11/CVE-2023-4612/",
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://cert.pl/posts/2023/11/CVE-2023-4612/",
"source": "cvd@cert.pl",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink