← Voltar para CVEs
CVE-2025-53003
N/ADescricao
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts ..etc. This issue has been patched in version 1.8.0. A workaround for this vulnerability involves users forking and building the config api, patching it in their system following commit 92eea4d.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado7/1/2025
Ultima modificacao7/3/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-200CWE-269CWE-284
Referencias
https://github.com/JanssenProject/jans/commit/92eea4d4637f1cae16ad2f07b2c16378ff3fc5f1(security-advisories@github.com)
https://github.com/JanssenProject/jans/issues/11575(security-advisories@github.com)
https://github.com/JanssenProject/jans/releases/tag/v1.8.0(security-advisories@github.com)
https://github.com/JanssenProject/jans/security/advisories/GHSA-373j-mhpf-84wg(security-advisories@github.com)
https://github.com/JanssenProject/jans/issues/11575(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.