Authentication Bypass by Primary Weakness
CVE-2022-3100
Summary
A flaw was found in the barbican component. This issue allows an access policy bypass via a query string when accessing the API. It affects versions through 12.0.1, 13.0.0.0rc1 through 13.0.0, 14.0.0.0rc1 through 14.0.0, and 15.0.0.0rc1 through 15.0.0.0rc2.
- HIGH
- NETWORK
- LOW
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-305 - Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.