CAS OAuth/OpenID Connect Vulnerability Disclosure

Image
CAS
June 26, 2024
CAS Community

This is an Apereo CAS project vulnerability disclosure, describing an issue in CAS acting as an OAuth/OpenID Connect provider. If your CAS server is not acting as an OAuth/OpenID Connect provider, there is nothing for you to do here. Keep calm and carry on.

The problem addressed here affects the Apereo CAS server for the following versions: 

-6.6.x

-7.0.x

See the full article on the Apereo CAS GitHub Blog.

Announcement Project News