GHSA-9qhq-j4xm-cw48

Published: 17 May 2022
Source: github
GitHub: reviewed

Description

PicketLink does not properly check role based authorization

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.7.1.Final does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.
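The description above boils down to an authorization check that is missing from the IdP valve: once a caller is authenticated, the valve forwards the request to the next valve without comparing the caller's roles against the constraint protecting the requested resource, and this holds whether the resource is requested directly or reached through an SP-initiated SAML flow. The following added example (not PicketLink or Tomcat code; paths, role names and the constraint table are constructed for illustration) models the two behaviours side by side so the gap and the fix are concrete:

```python
"""Model of the role-based authorization gap described in the advisory.

Added illustration, not PicketLink code. A valve-like function either forwards
every authenticated request (the behaviour described for versions before
2.7.1.Final) or checks the caller's roles against the resource's security
constraint before forwarding. The constraint table, paths and roles below are
constructed for the example.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set


@dataclass(frozen=True)
class Request:
    path: str                     # resource the request will reach
    user: Optional[str]           # None means unauthenticated
    roles: FrozenSet[str] = frozenset()
    via_sp_flow: bool = False     # True when the request arrived via an SP-initiated flow


# Constructed constraint table: URL prefix -> roles allowed to reach it.
CONSTRAINTS = {
    "/idp/admin/": {"admin"},
    "/idp/": {"user", "admin"},
}


def required_roles(path: str) -> Optional[Set[str]]:
    """Longest-prefix match against CONSTRAINTS; None if the path is unconstrained."""
    best = None
    for prefix in CONSTRAINTS:
        if path.startswith(prefix) and (best is None or len(prefix) > len(best)):
            best = prefix
    return None if best is None else CONSTRAINTS[best]


def vulnerable_invoke_next_valve(req: Request) -> int:
    """Authentication only: any logged-in principal is handed to the next valve.

    Roles are never consulted, so a low-privilege user reaches admin resources
    both by direct request and through an SP-initiated flow. Returns an
    HTTP-style status code.
    """
    if req.user is None:
        return 401
    return 200  # next valve serves the resource


def fixed_invoke_next_valve(req: Request) -> int:
    """Authentication plus a role check against the resource's constraint.

    The check is applied before forwarding and does not depend on
    req.via_sp_flow: how the request arrived must not change whether the
    caller's roles are verified.
    """
    if req.user is None:
        return 401
    allowed = required_roles(req.path)
    if allowed is not None and not (req.roles & allowed):
        return 403
    return 200


def compare(req: Request):
    """Return (vulnerable_status, fixed_status) for one request."""
    return vulnerable_invoke_next_valve(req), fixed_invoke_next_valve(req)


if __name__ == "__main__":
    low_priv = frozenset({"user"})
    for req in (
        Request("/idp/admin/users", "alice", low_priv),                    # direct request
        Request("/idp/admin/users", "alice", low_priv, via_sp_flow=True),  # SP-initiated flow
        Request("/idp/admin/users", "root", frozenset({"admin"})),
        Request("/idp/admin/users", None),
    ):
        print(req.path, req.user, req.via_sp_flow, "->", compare(req))
```

The two requests from `alice` are the cases the advisory enumerates: the vulnerable valve returns 200 for both, the fixed one returns 403 for both. The practical check after upgrading to 2.7.1.Final or later is the same one the model encodes: an authenticated user holding only a non-privileged role must be refused on role-constrained IdP resources regardless of whether the request is sent directly or arrives carrying a SAML authentication request from a service provider.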

Packages

Name: org.picketlink:picketlink-tomcat-common (maven)
Affected versions: < 2.7.1.Final
Fixed version: 2.7.1.Final

EPSS

Percentile: 63%
Score: 0.00447
Low

Related vulnerabilities

redhat
more than 10 years ago

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

nvd
more than 10 years ago

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.
