Maven package
org.eclipse.jetty/jetty-openid
pkg:maven/org.eclipse.jetty/jetty-openid
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-41900 | — | >= 9.4.21, < 9.4.52.v20230823 | 9.4.52.v20230823 | Sep 15, 2023 | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti |
- CVE-2023-41900Sep 15, 2023affected >= 9.4.21, < 9.4.52.v20230823fixed 9.4.52.v20230823
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti