| Tip |
|---|
This is the advisory page for Identity Provider V5 releases. For IdP plugins supported by the project, see the plugins home page. For older IdP advisories, please refer to the V4 IDP SecurityAdvisories page. For the SP, please refer to V3 SPÂ SecurityAdvisories page. As a courtesy, you can also find Jetty advisories at https://www.eclipse.org/jetty/security-reports.html and Tomcat advisories at http://tomcat.apache.org/security.html |
...
The oldest IdP 5 version unaffected by fixable vulnerabilities is 5.1.02.0
Version | EOL | User Data Exposure | User Data Accuracy | Session Hijacking | Denial of Service | Remote Exploit | Advisories |
|---|---|---|---|---|---|---|---|
All | X | X | X | 2018-01-23, 2017-05-18 | |||
5.1.2 | |||||||
5.1.1 | Apr 2024 | X | 2024-03-20 | ||||
5.1.0 | Mar 2024 | X | 2024-03-20 | ||||
5.0.0 | Mar 2024 | X |
Advisory List
Date | Title | Affects | Severity | CVE |
|---|---|---|---|---|
2024-03-20 | CAS service URL handling vulnerable to Server-Side Request Forgery | IdP < 5.1.12 | low | CVE-2024-22259, CVE-2024-22262 |
2018-01-23 | All | high | ||
2017-05-18 | All | high |
...