Lucene search
K

10 matches found

OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-49872 Apache APISIX: Improper authentication in cas-auth plugin

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

8.1CVSS5.9AI score0.0032EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:37 p.m.6 views

BIT-APISIX-2026-49871 Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:37 p.m.16 views

BIT-APISIX-2026-44915 Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0,...

6.1CVSS5.8AI score0.004EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 2:16 p.m.11 views

CVE-2026-49872

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

8.1CVSS0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.11 views

CVE-2026-49871

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

9.3CVSS0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:19 p.m.7 views

CVE-2026-49872

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

5.3CVSS5.9AI score0.0032EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:19 p.m.35 views

CVE-2026-49872 Apache APISIX: Improper authentication in cas-auth plugin

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

5.3CVSS0.0032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50899

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description Improper Authentication occurs when the cas-auth plugin is used in a route, potentially allowing an attacker to authenticate using credentials from a different source. Recommendations...

8.1CVSS5.9AI score0.0032EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50898

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description A Cross-Site Request Forgery CSRF issue exists in the cas-auth plugin under default configurations. This allows a remote attacker to trick a victim into visiting a malicious webpage,...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2023/06/14 3:30 p.m.5 views

com.100shouhou.golddata:golddata-spider (>=1.1.1 <=1.1.4), com.buession.cas:buession-cas-audit (>=2.0.0 <=2.3.2) +704 more potentially affected by CVE-2023-34620 via org.hjson:hjson (>=1.0.0 <=3.0.0)

org.hjson:hjson MAVEN version =1.0.0, =1.1.1, =2.0.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.0.0, =1.1.0, =2.3.0, =1.1.0, =2.3.0, =2.3.2 and more Source cves: CVE-2023-34620 Source advisory: OSV:GHSA-5WFC-HJRC-GQ87...

7.5CVSS7.1AI score0.00771EPSS
Exploits1
Rows per page
Query Builder