SECURITY ADVISORY WSO2-2023-2589

Published: June 20, 2024

Version: 1.0.0

Severity: N/A


AFFECTED PRODUCTS

  • WSO2 Identity Server : 6.1.0 , 6.0.0 , 5.11.0 , 5.10.0 , 5.9.0 , 5.8.0
  • WSO2 Identity Server as Key Manager : 5.10.0 , 5.9.0

OVERVIEW

Potential UI manipulation in the missing claim page.

DESCRIPTION

User input text field can be increased by changing the missingClaims parameter in the missing claims page.

IMPACT

While exploiting this issue, there is no significant impact on confidentiality, integrity, and availability. Nevertheless, we are delivering this patch as an additional layer of security.

SOLUTION

We highly recommend to migrate the latest version of respective WSO2 products to mitigate the identified vulnerabilities.

Info

If you are a WSO2 customer with Support Subscription, please use WSO2 Updates in order to apply the fix.