2 matches found
com.adobe.cq:core.wcm.components.testing.aem-mock-plugin (>=2.22.0 <=2.31.0), com.cognifide.aem.bundle:com.cognifide.aem.bundle.gradle.plugin (=12.0.0-beta) +58 more potentially affected by CVE-2020-1940 via org.apache.jackrabbit:oak-core (>=1.12.0 <=1.22.9)
org.apache.jackrabbit:oak-core MAVEN version =1.12.0, =2.22.0, =5.0.0, =5.0.0, =5.0.0, =1.5.0, =1.0.0, =1.1.0 and more Source cves: CVE-2020-1940 Source advisory: OSV:GHSA-3H68-WVV6-8R5Hhttps://vulners.com/osv/OSV:GHSA-3H6...
CVE-2020-1940
The CVE-2020-1940 vulnerability affects Apache Jackrabbit Oak, specifically version range 1.2.0 to 1.22.0. The issue arises from the optional initial password change and password expiration flow: the changed password is added to the credentials object but not removed during the first authenticati...