CVE-2018-1322: Information Exposure

March 20, 2018 (updated March 8, 2019)

An administrator with user search entitlements in Apache Syncope can recover sensitive security values using the fiql and orderby parameters.

References

syncope.apache.org/security.html
www.securityfocus.com/bid/103507
nvd.nist.gov/vuln/detail/CVE-2018-1322
www.exploit-db.com/exploits/45400/

Detect and mitigate CVE-2018-1322 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →