org.picketlink:picketlink-federation@2.7.1.Beta2 vulnerabilities

latest version

2.5.5.SP12

latest non vulnerable version

2.7.1.Final

first published

11 years ago

latest version published

6 years ago

licenses detected

LGPL-3.0
[2.5.0.Beta5,2.5.5.SP8); [2.6.0.Beta2,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.picketlink:picketlink-federation package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Authentication Bypass `org.picketlink:picketlink-federation` The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.	[2,2.5.3.SP13][2.6,2.6.1][2.7-alpha,2.7.1.Beta2]

Authentication Bypass

org.picketlink:picketlink-federation The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.

[2,2.5.3.SP13][2.6,2.6.1][2.7-alpha,2.7.1.Beta2]

Go back to all versions of this package