Authentication Bypass by Primary Weakness

CVE-2022-3100

Severity Medium
Score 5.9/10

Summary

A flaw was found in the Barbican component. It allows an access policy bypass via a query string when accessing the API. The issue affects versions through 12.0.1, 13.0.0.0rc1 through 13.0.0, 14.0.0.0rc1 through 14.0.0, and 15.0.0.0rc1 through 15.0.0.0rc2.

  • HIGH
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
