An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
References
Link | Resource |
---|---|
http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/103507 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45400/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2018-03-21T00:00:00
Updated: 2018-09-15T09:57:01
Reserved: 2017-12-07T00:00:00
Link: CVE-2018-1322
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-20T17:29:00.300
Modified: 2019-03-08T15:15:59.670
Link: CVE-2018-1322
JSON object: View
Redhat Information
No data.
CWE