exploitDog

CVE-2023-4612

Published: 09 Nov 2023
Source: nvd
CVSS3: 9.8
EPSS: Low

Description

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:apereo:central_authentication_service:*:*:*:*:*:*:*:*
Versions before 7.0.0 (excluding)
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc7:*:*:*:*:*:*

EPSS

Percentile: 14%
0.00044
Low

9.8 Critical

CVSS3

Weaknesses

CWE-302
CWE-287

Related vulnerabilities

CVSS3: 9.8
github
about 2 years ago

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
