Search CVE reports
1 – 3 of 3 results
Some fixes available 4 of 9
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate...
3 affected packages
php-cas, ocsinventory-server, moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php-cas | Not affected | Fixed | Fixed | Ignored |
| ocsinventory-server | Not affected | Fixed | Not affected | Not affected |
| moodle | Not in release | Not in release | Not in release | Ignored |
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote...
1 affected package
php-cas
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php-cas | — | — | — | Not affected |
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
1 affected package
php-cas
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php-cas | Not affected | Not affected | Not affected | Vulnerable |