CVE-2020-13933 Information

Description

In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198@3Cdev.geode.apache.org3E
https://lists.apache.org/thread.html/r4c1e1249e9e1acb868db0c80728c13f448d07333da06a0f1603c0a33@3Cdev.shiro.apache.org3E
https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f403Cdev.shiro.apache.org3E
https://lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb@3Cdev.shiro.apache.org3E
https://lists.apache.org/thread.html/r9ea6d8560d6354d41433ad006069904f0ed083527aa348b5999261a7@3Cdev.geode.apache.org3E

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
