CVE-2018-1322: Exposure of Sensitive Information to an Unauthorized Actor

November 6, 2018 (updated September 20, 2021)

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.

References

github.com/advisories/GHSA-v3vf-2r98-xw8w
nvd.nist.gov/vuln/detail/CVE-2018-1322

Code Behaviors & Features

Detect and mitigate CVE-2018-1322 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →