exploitDog

GHSA-6fqm-3hx5-gmg3

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

Ссылки

EPSS

Процентиль: 57%

0.00349

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2014-2296

CVSS3: 8.8

nvd

больше 7 лет назад

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

EPSS

Процентиль: 57%

0.00349

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-611