Test ID: | 1.3.6.1.4.1.25623.1.0.151005 |
Category: | Web Servers |
Title: | Eclipse Jetty OpenID Vulnerability (GHSA-pwh8-58vv-vw48) - Linux |
Summary: | Eclipse Jetty is prone to a vulnerability in OpenIdAuthenticator. |
Description: | Eclipse Jetty is prone to a vulnerability in OpenIdAuthenticator. |
Vulnerability Insight: | If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the LoginService. |
Affected Software/OS: | Eclipse Jetty version 9.4.21 through 9.4.51, 10.0.0 through 10.0.15 and 11.0.0 through 11.0.15. |
Solution: | Update to version 9.4.52, 10.0.16, 11.0.16 or later. |
CVSS Score: | 4.0 |
CVSS Vector: | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Cross-Ref: | Common Vulnerability Exposure (CVE) ID: CVE-2023-41900 |
| Debian Security Information: DSA-5507, https://www.debian.org/security/2023/dsa-5507 |
| https://github.com/eclipse/jetty.project/pull/9528 |
| https://github.com/eclipse/jetty.project/pull/9660 |
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 |
Copyright | Copyright (C) 2023 Greenbone AG |