SECURITY ADVISORY WSO2-2023-2589
Published: June 20, 2024
Version: 1.0.0
Severity: N/A
AFFECTED PRODUCTS
- WSO2 Identity Server: 6.1.0, 6.0.0, 5.11.0, 5.10.0, 5.9.0, 5.8.0
- WSO2 Identity Server as Key Manager: 5.10.0, 5.9.0
OVERVIEW
Potential UI manipulation in the missing claims page.
DESCRIPTION
The user input text field on the missing claims page can be increased by changing the missingClaims parameter.
IMPACT
Exploiting this issue has no significant impact on confidentiality, integrity, or availability. Nevertheless, we are delivering this patch as an additional layer of security.
SOLUTION
We highly recommend migrating to the latest version of the respective WSO2 products to mitigate the identified vulnerabilities.
Info
If you are a WSO2 customer with a Support Subscription, please use WSO2 Updates to apply the fix.