Sling Authentication Service
by Apache
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15700 | Hig | 0.57 | 8.8 | 0.02 | Dec 18, 2017 | A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | ||
| CVE-2021-41826 | 0.02 | — | 0.12 | Sep 29, 2021 | PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. |
- risk 0.57cvss 8.8epss 0.02
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
- CVE-2021-41826Sep 29, 2021risk 0.02cvss —epss 0.12
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.