12 matches found
EUVD-2023-2569
Malicious code in bioql PyPI...
ROS-20240403-13
Vulnerability of OpenIdAuthenticator class of Eclipse Jetty servlet container is related to flaws in the of the authentication procedure when processing the LoginService parameter. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions...
CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
SUSE CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
Eclipse Jetty OpenID Vulnerability (GHSA-pwh8-58vv-vw48) - Windows
Eclipse Jetty is prone to a vulnerability in OpenIdAuthenticator. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
Authentication flaw
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
UBUNTU-CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
CVE-2023-41900 Jetty's OpenId Revoked authentication allows one request
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
PT-2023-5724 · Eclipse +3 · Jetty +3
Name of the Vulnerable Software and Affected Versions: Jetty versions 9.4.21 through 9.4.51 Jetty version 10.0.15 Jetty version 11.0.15 Description: The issue is related to weak authentication in Jetty when using the OpenIdAuthenticator with a nested LoginService. If the LoginService revokes an...