VYPR

Maven package

io.pivotal.spring.cloud/spring-cloud-sso-connector

pkg:maven/io.pivotal.spring.cloud/spring-cloud-sso-connector

Vulnerabilities (1)

  • CVE-2018-1256 (High), May 7, 2018
    affected: >= 2.1.2.RELEASE, < 2.1.3.RELEASE; fixed: 2.1.3.RELEASE

    Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which us