#VU80793 Improper Authorization in Jetty


Published: 2023-09-14 | Updated: 2023-10-12

Vulnerability identifier: #VU80793

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41900

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Jetty
Server applications / Web servers

Vendor: Eclipse

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an error in the revocation process. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, the revocation is not applied to the request that is already being processed: the current request will still treat the user as authenticated.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Jetty: 9.0.0.v20130308 - 11.0.15


External links
http://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
http://github.com/jetty/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.