Описание
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2.6.0+dfsg1-4+deb9u1build0.17.10.1 |
| bionic | not-affected | 2.6.1+dfsg1-2 |
| cosmic | not-affected | 2.6.1+dfsg1-2 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | not-affected | 2.6.1+dfsg1-2 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/focal | DNE |
Показывать по
6.8 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataPro ...
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
6.8 Medium
CVSS2
8.1 High
CVSS3