4 matches found
org.apereo.cas:cas-management-webapp-configuration (>=5.3.1 <=5.3.3), org.apereo.cas:cas-management-webapp-support (>=5.2.0-RC2 <=5.3.3) +214 more potentially affected by CVE-2019-10754 via org.apereo.cas:cas-server-core-services-api (>=5.2.0-RC2 <=6.1.0-RC4)
org.apereo.cas:cas-server-core-services-api MAVEN version =5.2.0-RC2, =5.3.1, =5.2.0-RC2, =5.3.1, =6.1.0-RC2, =6.0.0-RC4, =6.0.0-RC4, =5.2.0, =6.0.0, =5.2.0, =5.2.0, =5.3.0, =5.3.0, =5.2.0, =5.2.0, =5.2.0, =6.1.0-RC4 and more Source cves: CVE-2019-10754 Source advisory: OSV:GHSA-G24W-373R-5PXG...
org.apereo.cas:cas-server-support-oauth (>=6.1.0-RC2 <=6.1.0-RC4), org.apereo.cas:cas-server-support-oauth-core (>=6.1.0-RC2 <=6.1.0-RC4) +5 more potentially affected by CVE-2019-10754 via org.apereo.cas:cas-server-support-oauth-core-api (>=6.1.0-RC2 <=6.1.0-RC4)
org.apereo.cas:cas-server-support-oauth-core-api MAVEN version =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC4 Source cves: CVE-2019-10754 Source advisory: OSV:GHSA-G24W-373R-5PXG...
CVE-2019-10754
CVE-2019-10754 affects Apereo CAS before release 6.1.0-RC5. The root cause is the use of apache commons-lang3’s RandomStringUtils for token and ID generation, whose PRNG is not cryptographically strong, making generated values predictable. This predictability can enable an attacker to infer token...
org.apereo.cas:cas-mgmt-api-configuration (>=6.1.0-RC2 <=6.1.0-RC4), org.apereo.cas:cas-mgmt-core-util (>=6.0.0-RC4 <=6.1.0-RC4) +197 more potentially affected by CVE-2019-10754 via org.apereo.cas:cas-server-core-services-api (>=6.0.0-RC4 <=6.1.0-RC4)
org.apereo.cas:cas-server-core-services-api MAVEN version =6.0.0-RC4, =6.1.0-RC2, =6.0.0-RC4, =6.0.0-RC4, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.0-RC4 and more Source cves: CVE-2019-10754 Source advisory: SNYK:JAVA-ORGAPEREOCAS-468868...