Description

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.

INFO

Published Date :

2024-06-29T00:00:00.000Z

Last Modified :

2025-03-27T19:08:16.288Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39848 vulnerability.

Vendors Products
Internet2
  • Grouper
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39848.

URL Resource
https://spaces.at.internet2.edu/display/Grouper/Grouper+bug+-+GRP-5515+-+web+services+LDAP+authentication+security+vulnerability cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact