4 matches found
org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.3.0 <=1.3.2), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.1.0 <=1.3.2) +6 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring (>=1.1.0 <=1.3.2)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.1.0, =1.3.0, =1.1.0, =1.1.0, =1.2.0, =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.3.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring3 (>=1.4.0 <=1.4.2), org.apache.cxf.fediz:apache-fediz (>=1.4.1 <=1.4.2) potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring3 (>=1.4.0 <=1.4.2)
org.apache.cxf.fediz:fediz-spring3 MAVEN version =1.4.0, =1.4.0, =1.4.1, =1.4.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
org.apache.cxf.fediz.examples:spring2Webapp (>=1.4.0 <=1.4.2), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (>=1.4.0 <=1.4.2) +1 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring2 (>=1.4.0 <=1.4.2)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
CVE-2017-12631
CVE-2017-12631 affects Apache CXF Fediz WS-Federation plugins (Spring 2, 3, 4). The root cause is a CSRF vulnerability that can cause a security context to be established using a malicious client’s roles for the end user. Affected components are the Fediz Spring plugins in versions before 1.4.3 a...