CVE-2018-11787: Improper Authentication

September 18, 2018 (updated December 6, 2018)

When Pax Web Extender Whiteboard is installed, the Karaf console becomes available at another (insecure) URL giving access to the Karaf console to unauthenticated users.

References

karaf.apache.org/security/cve-2018-11787.txt
issues.apache.org/jira/browse/KARAF-4993
nvd.nist.gov/vuln/detail/CVE-2018-11787

Code Behaviors & Features

Detect and mitigate CVE-2018-11787 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →