GHSA-cxx6-444w-8847MediumCVSS 8.1
Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a...
🔗 CVE IDs covered (1)
📋 Description
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.