[JOC-1344] Update org.apache.shiro:shiro-core from 1.7.1 to 1.9.1 due to 3rd-party vulnerability issue CVE-2022-32532 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.13.10
Fix Version/s: 1.13.14
Component/s: None
Labels:
None

CVE-ID:
CVE-2022-32532

Description

Current Situation

Currently JOC Cockpit uses org.apache.shiro:shiro-core version 1.7.1
a vulnerability affects this version,
- The criticality of this shiro vulnerability as used in JOC Cockpit is seen as low as the szenario in which the vulnerability can be exploited is not supported in the JOC Cockpit product.
- see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532

Desired Behavior

Due to a vulnerability Issue of older org.apache.shiro:shiro-core releases the JOC Cockpit should use the current version 1.9.1 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Pramokshi Narawariya

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20 July 2022 07:31

Updated:: 10 August 2022 18:18

Resolved:: 20 July 2022 11:23