Lucene search

GoogleOSV:CVE-2023-4612

HistoryNov 09, 2023 - 2:15 p.m.

CVE-2023-4612

2023-11-0914:15:08

Google

osv.dev

apereo cas

multi-factor authentication bypass

httpservletrequest.getremoteaddr

no patch

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.

CPENameOperatorVersion
caseq6.3.0-RC3
caseq6.5.0-RC5
caseq6.6.0-RC3
caseq6.3.0-RC4
caseq6.2.0-RC1
caseq7.0.0-RC4
caseq7.0.0-RC5
caseq6.5.0-RC1
caseq6.6.0-RC1
caseq6.1.0-RC5

Name	Operator	Version
cas	eq	6.3.0-RC3
cas	eq	6.5.0-RC5
cas	eq	6.6.0-RC3
cas	eq	6.3.0-RC4
cas	eq	6.2.0-RC1
cas	eq	7.0.0-RC4
cas	eq	7.0.0-RC5
cas	eq	6.5.0-RC1
cas	eq	6.6.0-RC1
cas	eq	6.1.0-RC5

Rows per page:

1-10 of 431

References

cert.pl/en/posts/2023/11/CVE-2023-4612/

cert.pl/posts/2023/11/CVE-2023-4612/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for OSV:CVE-2023-4612