Bug 2107130 (CVE-2022-32532)
| Summary: | CVE-2022-32532 shiro: authorization bypass due to possible misconfigured | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aileenc, asoldano, ataylor, avibelli, balejosg, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, clement.escoffier, dandread, darran.lofthouse, dkreling, dosoudil, eglynn, fjuma, fmongiar, gmalinko, gsmet, hamadhan, iweiss, janstey, jjoyce, jnethert, jochrist, jross, jwon, lgao, lhh, lpeer, lthon, mburns, mkolesni, mosmerov, msochure, msvehla, nwallace, pantinor, pdelbell, peholase, pgallagh, pjindal, pmackay, probinso, rkieley, rruss, rstancel, rsvoboda, sbiarozk, scohen, sdouglas, smaestri, spower, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | shiro 1.9.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was sound in Apache Shiro's RegexRequestMatcher, which can be misconfigured and bypassed on some servlet containers. Applications using RegExPatternMatcher with '.' in the regular expression are vulnerable to an authorization bypass.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2109305 | ||
| Bug Blocks: | 2107131 | ||
|
Description
Marian Rehak
2022-07-14 12:12:34 UTC
|