Casdoor Security Vulnerabilities and Issues — Casdoor CVE List

Lucene search

CasbinCasdoor

4 matches found

CVE•added 2024/08/20 9:15 p.m.•50 views

CVE-2024-41657

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in...

8.8CVSS8AI score0.00275EPSS

CVE•added 2024/08/01 4:15 p.m.•44 views

CVE-2024-41264

An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.

7.5CVSS6.4AI score0.00055EPSS

CVE•added 2024/08/20 9:15 p.m.•42 views

CVE-2024-41658

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...

6.1CVSS6.2AI score0.0004EPSS

CVE•added 2024/06/02 10:15 a.m.•31 views

CVE-2024-5587

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely....

6.9CVSS5.3AI score0.00098EPSS