Описание
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
A flaw was found in Apache Shiro in versions prior to 1.5.3. When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
Whilst the OpenDaylight version that is included in Red Hat OpenStack Platform includes the affected code, the vulnerable functionality is not used and therefore not exploitable.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | shiro-core | Not affected | ||
| Red Hat JBoss Fuse 6 | shiro-core | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | shiro-core | Out of support scope | ||
| Red Hat OpenStack Platform 10 (Newton) | opendaylight | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | Will not fix | ||
| Red Hat Fuse 7.8.0 | shiro-core | Fixed | RHSA-2020:5568 | 16.12.2020 |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...
9.8 Critical
CVSS3