CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Percentile: 46.3%
org.eclipse.jetty:jetty-openid is vulnerable to Weak Authentication. The vulnerability is caused by a logic defect in the validateRequest function of the OpenIdAuthenticator.java class, which allows the current request to proceed even when the LoginService reports (from its validate() method) that the authentication has been revoked and the OpenIdAuthenticator removes the authentication from the session. The current request is therefore still treated as authenticated, so a request on a previously authenticated session can bypass authentication after the LoginService has already rejected it. This vulnerability is only possible when the Jetty OpenIdAuthenticator uses the optional LoginService.
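A simplified model of the control-flow defect described above, added here as an illustration (it is not Jetty's code; the LoginService interface, the validateRequest methods and the session attribute name are hypothetical stand-ins). The vulnerable shape clears the revoked identity from the session but still returns it for the current request; the fixed shape treats the request as unauthenticated.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-in for the optional LoginService: validate() returns false
// once the server has revoked the identity (user disabled, forced logout, ...).
interface LoginService {
    boolean validate(String userIdentity);
}

class SessionAuthenticator {
    static final String AUTH_ATTR = "authenticated_user"; // hypothetical session key
    private final LoginService loginService;

    SessionAuthenticator(LoginService loginService) {
        this.loginService = loginService;
    }

    // Vulnerable shape: the revoked identity is removed from the session, which only
    // affects *later* requests; the current request still proceeds with the cached user.
    String validateRequestVulnerable(Map<String, Object> session) {
        String user = (String) session.get(AUTH_ATTR);
        if (user == null) {
            return null;
        }
        if (loginService != null && !loginService.validate(user)) {
            session.remove(AUTH_ATTR);   // revocation recorded ...
        }
        return user;                     // ... but this request is still authenticated (the defect)
    }

    // Fixed shape: a revoked identity is dropped and the request is reported as
    // unauthenticated, so the caller must challenge or reject it.
    String validateRequestFixed(Map<String, Object> session) {
        String user = (String) session.get(AUTH_ATTR);
        if (user == null) {
            return null;
        }
        if (loginService != null && !loginService.validate(user)) {
            session.remove(AUTH_ATTR);
            return null;                 // current request is not authenticated
        }
        return user;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        session.put(AUTH_ATTR, "alice");             // constructed: previously authenticated session
        LoginService revoked = identity -> false;    // constructed: every identity has been revoked
        System.out.println("vulnerable -> " + new SessionAuthenticator(revoked).validateRequestVulnerable(new HashMap<>(session)));
        System.out.println("fixed      -> " + new SessionAuthenticator(revoked).validateRequestFixed(new HashMap<>(session)));
    }
}
```

Running main prints "alice" for the vulnerable path and "null" for the fixed one, which is the difference a regression test for this defect should assert on.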
github.com/advisories/GHSA-pwh8-58vv-vw48
github.com/eclipse/jetty.project/blob/jetty-10.0.14/jetty-openid/src/main/java/org/eclipse/jetty/security/openid/OpenIdAuthenticator.java#L505
github.com/eclipse/jetty.project/commit/09e4a61037399242a01323952834667edecd96ee
github.com/eclipse/jetty.project/commit/194fb28623c4051734d4ec42152245ebcfff0ed6
github.com/eclipse/jetty.project/commit/477c7d18b851e54afb043a61883b274708e7182e
github.com/eclipse/jetty.project/pull/9528
github.com/eclipse/jetty.project/pull/9660
github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
security.netapp.com/advisory/ntap-20231110-0004/
www.debian.org/security/2023/dsa-5507