Maven package
io.pivotal.spring.cloud/spring-cloud-sso-connector
pkg:maven/io.pivotal.spring.cloud/spring-cloud-sso-connector
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1256 | Hig | 8.1 | >= 2.1.2.RELEASE, < 2.1.3.RELEASE | 2.1.3.RELEASE | May 7, 2018 | Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which us |
- affected >= 2.1.2.RELEASE, < 2.1.3.RELEASEfixed 2.1.3.RELEASE
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which us