CVE Vulnerabilities

CVE-2020-13933

Published: Aug 17, 2020 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM

Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.

Affected Software

Name Vendor Start Version End Version
Shiro Apache * 1.6.0 (excluding)
Shiro Ubuntu bionic *
Shiro Ubuntu devel *
Shiro Ubuntu esm-apps/bionic *
Shiro Ubuntu esm-apps/xenial *
Shiro Ubuntu focal *
Shiro Ubuntu groovy *
Shiro Ubuntu hirsute *
Shiro Ubuntu impish *
Shiro Ubuntu jammy *
Shiro Ubuntu kinetic *
Shiro Ubuntu lunar *
Shiro Ubuntu trusty *
Shiro Ubuntu xenial *
Red Hat Fuse 7.8.0 RedHat shiro-core *
Red Hat Fuse/AMQ 6.3.18 RedHat shiro-core *

References