An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
References
Link | Resource |
---|---|
http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/103507 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45400/ | Third Party Advisory VDB Entry |
http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/103507 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45400/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting - Mitigation, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/103507 - Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/45400/ - Third Party Advisory, VDB Entry |
Information
Published : 2018-03-20 17:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1322
Mitre link : CVE-2018-1322
CVE.ORG link : CVE-2018-1322
JSON object : View
Products Affected
apache
- syncope
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor