CVE-2023-4612

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apereo:central_authentication_service:*:*:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc7:*:*:*:*:*:*

History

10 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-09 14:15

Updated : 2024-10-10 16:15


NVD link : CVE-2023-4612

Mitre link : CVE-2023-4612

CVE.ORG link : CVE-2023-4612


JSON object : View

Products Affected

apereo

  • central_authentication_service
CWE
CWE-287

Improper Authentication

CWE-302

Authentication Bypass by Assumed-Immutable Data