Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg http://www.openwall.com/lists/oss-security/2022/10/12/1 http://www.openwall.com/lists/oss-security/2022/10/12/2 http://www.openwall.com/lists/oss-security/2022/10/13/1 https://security.netapp.com/advisory/ntap-20221118-0005/
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-40664