control: tags -1 + pending

On Wednesday 14 August 2024, 19:49:55 UTC, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2024-08-05 at 13:16 +0000, Bastien Roucariès wrote:
> > [ Reason ]
> > CVE-2022-39369
> >
> > [ Impact ]
> > Service Hostname Discovery Exploitation
> >
> > The phpCAS library uses HTTP headers to determine the service URL
> > used to validate tickets. This allows an attacker to control the host
> > header and use a valid ticket granted for any authorized service in
> > the same SSO realm (CAS server) to authenticate to the service
> > protected by phpCAS. Depending on the settings of the CAS server
> > service registry, in the worst case this may be any other service URL (if
> > the allowed URLs are configured to "^(https)://.*") or may be
> > strictly limited to known and authorized services in the same SSO
> > federation if proper URL service validation is applied.
> >
> > This vulnerability may allow an attacker to gain access to a victim's
> > account on a vulnerable CASified service without the victim's knowledge,
> > when the victim visits the attacker's website while being logged in to
> > the same CAS server.
> >
> > +php-cas (1.3.8-1+deb11u1) bullseye-security; urgency=high
>
> Both the changelog and NEWS file should use "bullseye" as the
> distribution.
>
> With that fixed, please go ahead.

Uploaded

Thanks
>
> Regards,
>
> Adam
>
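The weakness described in the quoted CVE text is the service URL being built from request headers. The following is an added illustration written for this thread, not code from the php-cas package or the Debian update: it places a header-derived service URL next to a configuration-derived one so the difference is visible on a constructed request. The function names serviceUrlFromRequest() and serviceUrlFromConfig(), the $allowedBaseUrls allow-list and the sample $_SERVER values are all assumptions made for the example.

```php
<?php
// Added example, not php-cas project code. Function names, the allow-list
// and the request array below are constructed for this demonstration.

/**
 * Weak pattern (the CVE-2022-39369 class): the "service" value later sent to
 * the CAS server's ticket validation endpoint is assembled from request
 * headers. Host and X-Forwarded-Host are chosen by whoever sent the request,
 * so the URL a ticket is validated against is not under the application's
 * control.
 */
function serviceUrlFromRequest(array $server): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    $host   = $server['HTTP_X_FORWARDED_HOST']
           ?? $server['HTTP_HOST']
           ?? $server['SERVER_NAME']
           ?? 'localhost';
    $path   = strtok($server['REQUEST_URI'] ?? '/', '?'); // drop the query string
    return $scheme . '://' . $host . $path;
}

/**
 * Hardened pattern: the service base URL comes from the application's own
 * configuration (an allow-list of origins this deployment is actually served
 * at). The request's Host header is only used to select one of the configured
 * entries; it is never copied into the service URL. An unrecognised Host
 * falls back to the first configured base instead of trusting the header.
 */
function serviceUrlFromConfig(array $server, array $allowedBaseUrls): string
{
    if ($allowedBaseUrls === []) {
        throw new InvalidArgumentException('at least one service base URL must be configured');
    }
    $requestHost = strtolower($server['HTTP_HOST'] ?? '');
    $path        = strtok($server['REQUEST_URI'] ?? '/', '?');

    foreach ($allowedBaseUrls as $base) {
        $configuredHost = strtolower((string) parse_url($base, PHP_URL_HOST));
        if ($configuredHost !== '' && $configuredHost === $requestHost) {
            return rtrim($base, '/') . $path;
        }
    }
    return rtrim($allowedBaseUrls[0], '/') . $path;
}

// Constructed request: the Host header names a different service in the same
// SSO realm than the one this application is configured to be.
$request = [
    'HTTPS'       => 'on',
    'HTTP_HOST'   => 'other-service.example.org',
    'REQUEST_URI' => '/login?ticket=ST-PLACEHOLDER',
];
$config = ['https://my-app.example.org'];

printf("header-derived service URL: %s\n", serviceUrlFromRequest($request));
printf("config-derived service URL: %s\n", serviceUrlFromConfig($request, $config));
```

Run with `php example.php`: the header-derived line follows the supplied Host header, the config-derived line stays on the configured origin. The same idea is what the upstream fix applies, phpCAS 1.6.0 made a service base URL (a string or a list of permitted base URLs) a required argument of phpCAS::client(); the functions above are a standalone sketch of that reasoning, not the library's API. On the CAS server side, the quoted text's other point still holds: a service registry pattern such as "^(https)://.*" accepts any service URL, so the registry should enumerate the exact service URLs it will issue tickets for.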