Vulnerabilities > Picketlink > Picketlink > 2.7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-26 | CVE-2015-3158 | Permissions, Privileges, and Access Controls vulnerability in Picketlink 2.7.0 The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. | 4.0 |