Vulnerability Information
Vulnerability Title
Janssen Config API returns results without scope verification
Vulnerability Description
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This exposes a large internal attack surface, revealing all sorts of information from the IDP, including clients, users, scripts, etc. This issue has been patched in version 1.8.0. As a workaround, users can fork and build the Config API, patching it in their system following commit 92eea4d.
CVSS Information
N/A
Vulnerability Type
Information Exposure
Vulnerability Title
Janssen Security Vulnerability
Vulnerability Description
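Janssen is an open-source user authentication component from the Janssen Project. Versions of Janssen prior to 1.8.0 contain a security vulnerability that stems from the Config API returning results without verifying scope, which may lead to information disclosure.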
CVSS Information
N/A
Vulnerability Type
N/A