VDB
HIGH 8.3

GHSA-r9pv-5rpp-vm8g

OpenAM Unauthenticated Session Hijacking via Information Exposure in CDCServlet

Details

## Summary

**Description**

An Information Exposure Through Sent Data (CWE-201) issue in OpenAM's Cross-Domain Single Sign-On (CDSSO) servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition through version 16.0.6. This issue was patched in version 16.1.1.

An attacker who can induce a logged-in victim to visit a crafted URL may receive the victim's session credential, which could enable session hijacking.

## Impact

OpenAM deployments through version 16.0.6 that have CDSSO enabled are potentially affected; the CDSSO component is commonly enabled in multi-domain deployments. Exploitation requires user interaction (an authenticated user must be induced to visit an attacker-crafted URL) and additionally depends on a particular non-default configuration not being present. Do not treat that configuration as a substitute for upgrading.
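The exposure described above turns a legitimate CDSSO redirect into a token leak only when the servlet is driven toward a host the deployment does not own, so the cheapest retrospective check is to hunt access logs for CDCServlet requests whose redirect target lies outside the trusted SSO domains. The script below is an added example, not code from the advisory or from OpenAM; it assumes the endpoint path contains `cdcservlet`, that the redirect target is carried in a `goto` query parameter, and that logs are in common/combined format. The log lines are constructed for the example.

```python
"""Hunt for CDCServlet requests whose redirect target points off-domain.

Added example, not part of the advisory or of OpenAM. Assumptions: the
CDSSO endpoint path contains 'cdcservlet' (case-insensitive), the redirect
target travels in a 'goto' query parameter, and log lines are in the
common/combined access-log format. SAMPLE_LOG is constructed, not real.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2025:10:01:02 +0000] "GET /openam/cdcservlet?goto=https%3A%2F%2Fapp.example.com%2Fhome&ProviderID=https%3A%2F%2Fapp.example.com HTTP/1.1" 302 0
10.0.0.7 - - [12/May/2025:10:01:09 +0000] "GET /openam/cdcservlet?goto=https%3A%2F%2Fevil.invalid%2Fcollect HTTP/1.1" 302 0
10.0.0.9 - - [12/May/2025:10:02:11 +0000] "GET /openam/XUI/ HTTP/1.1" 200 1532
10.0.0.8 - - [12/May/2025:10:03:00 +0000] "GET /openam/cdcservlet?goto=%2F%2Fevil.invalid%2F HTTP/1.1" 302 0
10.0.0.8 - - [12/May/2025:10:03:30 +0000] "GET /openam/cdcservlet?goto=https%3A%2F%2Fapp.example.com.evil.invalid%2F HTTP/1.1" 302 0
"""

# Assumed: the domains this deployment legitimately serves CDSSO for.
TRUSTED_SUFFIXES = ("example.com",)

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def host_is_trusted(host, trusted=TRUSTED_SUFFIXES):
    """True only for an exact trusted domain or a subdomain of one.

    A plain substring or prefix match would accept app.example.com.evil.invalid;
    the suffix check with a leading dot does not.
    """
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in trusted)


def target_host(goto_value):
    """Host a goto value would send the browser to, or None for a path-only value.

    urlsplit treats '//evil.invalid/' as scheme-relative, so protocol-relative
    redirects are still resolved to their host.
    """
    parts = urlsplit(goto_value)
    return parts.hostname if parts.netloc else None


def suspicious_cdc_requests(log_text, trusted=TRUSTED_SUFFIXES, param="goto"):
    """Return (client_ip, goto) for CDCServlet hits whose goto host is untrusted."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if "cdcservlet" not in parts.path.lower():
            continue
        # parse_qs percent-decodes each value once.
        for goto in parse_qs(parts.query).get(param, []):
            host = target_host(goto)
            if host is not None and not host_is_trusted(host, trusted):
                hits.append((line.split()[0], goto))
    return hits


if __name__ == "__main__":
    for ip, goto in suspicious_cdc_requests(SAMPLE_LOG):
        print(f"{ip} -> CDCServlet goto off-domain: {goto}")
```

A relative `goto` is left alone because it stays on the OpenAM host; protocol-relative and look-alike domains are the two cases that slip past naive string matching, so they are the ones the sample log exercises. Each flagged line identifies a victim session worth invalidating.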

## Patch

This has been patched in OpenAM Community Edition version 16.1.1. Users are encouraged to update to the latest release.


Affected packages

Maven / org.openidentityplatform.openam:openam-federation
First affected version: 0 (every release before the fix)  Fixed version: 16.1.1
Fix: in pom.xml, bump `<version>` to 16.1.1 for org.openidentityplatform.openam:openam-federation

References