CVE-2024-39848

June 29, 2024, 10:15 p.m.

None
No Score

Description

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.

Product(s) Impacted

Product Versions
Internet2 Grouper
  • ['before 5.6']
Grouper for Web Services
  • ['before 4.13.1']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://spaces.at.internet2.edu/display/Grouper/Grouper+bug+-+GRP-5515+-+web+services+LDAP+authentication+security+vulnerability

Tags

cve@mitre.org
2024-06-29
CVE-2024-39848

Timeline

Published: June 29, 2024, 10:15 p.m.
Last Modified: June 29, 2024, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.