Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05ZmM1LXEyNWMtcjJ3cs4AAgVP
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3. It allows remote attackers to inject arbitrary web script or HTML via (1) the service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) the pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
Permalink: https://github.com/advisories/GHSA-9fc5-q25c-r2wr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ZmM1LXEyNWMtcjJ3cs4AAgVP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: 7 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-9fc5-q25c-r2wr, CVE-2014-4172
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-4172
- https://github.com/Jasig/phpCAS/pull/125
- https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
- https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
- https://bugzilla.redhat.com/show_bug.cgi?id=1131350
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95673
- https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
- https://issues.jasig.org/browse/CASC-228
- https://www.debian.org/security/2014/dsa-3017.en.html
- https://www.mail-archive.com/[email protected]/msg17338.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html
- https://github.com/apereo/java-cas-client/commit/266eba7c2d870d70caba6f41576d19f2fcc869b1
- https://github.com/advisories/GHSA-9fc5-q25c-r2wr
Blast Radius: 29.1
Affected Packages
packagist:jasig/phpcas
Dependent packages: 54
Dependent repositories: 243
Downloads: 2,238,075 total
Affected Version Ranges: < 1.3.3
Fixed in: 1.3.3
All affected versions:
All unaffected versions: 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.4.0, 1.5.0, 1.6.0, 1.6.1
maven:org.jasig.cas:cas-client
Dependent packages: 0
Dependent repositories: 3
Downloads:
Affected Version Ranges: < 3.3.2
Fixed in: 3.3.2
All affected versions: 3.1.1, 3.1.2
All unaffected versions:
nuget:DotNetCasClient
Dependent packages: 0
Dependent repositories: 0
Downloads: 591,198 total
Affected Version Ranges: < 1.0.2
Fixed in: 1.0.2
All affected versions: 1.0.0, 1.0.1
All unaffected versions: 1.0.2, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2