CNNVD-202507-008 Information

CNNVD ID

CNNVD-202507-008

CVE-2025-53003

  • CNNVD Published: 2025-07-01

Description (Chinese)

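Janssen is an open-source user authentication component from the Janssen Project. Versions of Janssen before 1.8.0 contain a security vulnerability that stems from the Config API not validating scopes when returning results, which may lead to information disclosure.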

Description (English)

Janssen is an open-source user authentication component developed by the Janssen Project. Versions of Janssen before 1.8.0 have a security vulnerability: the Config API does not verify scopes when returning results, which could lead to information disclosure.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Janssen Project

Published

2025-07-01

Last Modified

2026-02-24

References

  • https://github.com/JanssenProject/jans/security/advisories/GHSA-373j-mhpf-84wg
  • https://github.com/JanssenProject/jans/commit/92eea4d4637f1cae16ad2f07b2c16378ff3fc5f1
  • https://github.com/JanssenProject/jans/issues/11575
  • https://github.com/JanssenProject/jans/releases/tag/v1.8.0
  • https://access.redhat.com/security/cve/cve-2025-53003

Patch

https://docs.jans.io/stable/
