2 matches found
com.cibuddy:karaf.assembly (=1.0.0), com.kagurabi.services:kagura-assembly (>=1.5 <=1.9) +23 more potentially affected by CVE-2018-11787 via org.apache.karaf:apache-karaf (>=2.0.0 <=3.0.8)
org.apache.karaf:apache-karaf MAVEN version =2.0.0, =1.5, =1.5.6, =4.4.1, =1.1.2, =2.0.0, =2.0.6, =2.7.7, =3.0.0, =1.6.1-incubating, =1.6.1-incubating, =2.2.3, =2.0.0, =2.0.0, =2.2.11 and more Source cves: CVE-2018-11787 Source advisory: OSV:GHSA-CQ9C-55R7-455X...
CVE-2018-11787
CVE-2018-11787 affects Apache Karaf prior to 3.0.9, 4.0.9 and 4.1.1 where the webconsole opens a Gogo shell and, if Pax Web Extender Whiteboard is present, an unauthenticated /gogo URL can expose the Karaf console. Direct access to /system/console/gogo also requires authentication, but the /gogo ...