GHSA-9qhq-j4xm-cw48
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9qhq-j4xm-cw48
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9qhq-j4xm-cw48/GHSA-9qhq-j4xm-cw48.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9qhq-j4xm-cw48
- Aliases
-
- CVE-2015-3158
- Published
- 2022-05-17T04:09:07Z
- Modified
- 2024-12-06T05:39:59.338894Z
- Summary
- PicketLink does not properly check role based authorization
- Details
-
The
invokeNextValvefunction inidentity/federation/bindings/tomcat/idp/AbstractIDPValve.javain PicketLink before 2.7.1.Final does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. - Database specific
{ "nvd_published_at": "2015-08-26T19:59:00Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-05T20:18:20Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-3158
- https://github.com/picketlink/picketlink-bindings/pull/124
- https://github.com/picketlink/picketlink-bindings/commit/ae6ff4adfc562880e714a089983054b47610ecec
- https://bugzilla.redhat.com/show_bug.cgi?id=1216123
- https://github.com/picketlink/picketlink-bindings
- https://issues.jboss.org/browse/PLINK-708
- http://rhn.redhat.com/errata/RHSA-2015-1669.html
- http://rhn.redhat.com/errata/RHSA-2015-1670.html
- http://rhn.redhat.com/errata/RHSA-2015-1671.html
- http://rhn.redhat.com/errata/RHSA-2015-1672.html
- http://rhn.redhat.com/errata/RHSA-2015-1673.html
Affected packages
Maven / org.picketlink:picketlink-tomcat-common
Package
- Name
- org.picketlink:picketlink-tomcat-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.picketlink/picketlink-tomcat-common
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.1.Final
Affected versions
2.*
2.1.0.Final
2.1.1.Final
2.1.2.Final
2.1.3.Final
2.1.4.Final
2.1.5.Final
2.1.5-2012Sep04
2.1.6.Final
2.1.6.1.Final
2.1.6.1.Final-1
2.1.6.2.Final
2.1.6.3.Final
2.1.7.Final
2.1.8.Final
2.1.9.SP1
2.1.9.SP2
2.1.9.SP3
2.1.9.Final
2.1.10.Final
2.5.0.CR1
2.5.0.CR2
2.5.0.Final
2.5.1.Final
2.5.2.Final
2.5.3.Beta1
2.5.3.Beta2
2.5.3.SP1
2.5.3.SP2
2.5.3.SP3
2.5.3.SP4
2.5.3.SP5
2.5.3.SP7
2.5.3.SP8
2.5.3.SP9
2.5.3.SP10
2.5.3.SP11
2.5.3.SP12
2.5.3.SP13
2.5.3.SP14
2.5.3.Final
2.5.4.SP2
2.5.4.SP4
2.5.4.SP5
2.5.4.SP6
2.5.4.SP7
2.5.4.SP9
2.5.4.SP10
2.5.4.SP11
2.5.4.SP13
2.5.4.SP15
2.5.4.SP16
2.5.4.SP17
2.5.4.SP18
2.5.4.Final
2.5.5.CR1
2.5.5.SP1
2.5.5.SP2
2.5.5.SP3
2.5.5.SP4
2.5.5.SP5
2.5.5.SP6
2.5.5.SP7
2.5.5.SP8
2.5.5.SP9
2.5.5.SP10
2.5.5.SP11
2.5.5.SP12
2.5.5.SP12-redhat-00009-jbossorg-1
2.5.5.Final
2.6.0.Beta2
2.6.0.Beta3
2.6.0.Beta4
2.6.0.CR1
2.6.0.CR2
2.6.0.CR3
2.6.0.CR4
2.6.0.CR5
2.6.0.Final
2.6.1.Final
2.7.0.Beta1
2.7.0.Beta1-20140731
2.7.0.Beta2
2.7.0.CR1
2.7.0.CR1-20140924
2.7.0.CR2
2.7.0.CR3
2.7.0.Final
2.7.1.Beta1
2.7.1.Beta2