Search CVE reports
1 – 3 of 3 results
CVE-2022-39369
Medium prioritySome fixes available 4 of 9
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate...
3 affected packages
moodle, ocsinventory-server, php-cas
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Ignored | Ignored |
| ocsinventory-server | Not affected | Fixed | Not affected | Not affected | Ignored |
| php-cas | Not affected | Fixed | Fixed | Ignored | Fixed |
CVE-2014-4172
Medium priorityA URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote...
1 affected package
php-cas
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-cas | — | — | — | Not affected | Not affected |
CVE-2017-1000071
Low priorityJasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
1 affected package
php-cas
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-cas | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |