CVE-2023-4612 Information

Description

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch and the vendor does not treat it as a vulnerability.

Reference

https://cert.pl/posts/2023/11/CVE-2023-4612/ https://cert.pl/en/posts/2023/11/CVE-2023-4612/