Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack (CVE-2023-34478)
23256
16 April 2024
16 April 2024
CLOSED
MEDIUM
9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-34478
|
Brocade Security Advisory ID |
BSA-2024-2570 |
|
Component |
Apache Shiro |
|
|
|
Summary
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+
Products Affected
Brocade SANnav before Brocade SANnav v2.3.1
Products Under Investigation
- Brocade ASCG
Products Confirmed Not Affected
- Brocade Fabric OS
Solution
A security update is provided in Brocade v2.3.1, v2.3.0a, and later releases.
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
4/11/2024 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.