CAS - Critical - Third Party Libraries - BACKDROP-SA-CONTRIB-2023-002
- Access bypass
- Third Party Libraries
Central Authentication Services (CAS) is a commonly used Single Sign-On protocol used by many universities and large organizations.
The module includes a copy of the phpCAS library that is maintained by a third-party. Previous versions of this library may allow an attacker to gain unauthorized access to a user account in Backdrop. This release both includes and supports an updated version of the library that addresses this issue.
For more information concerning the exploit, please visit the following URL: https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
- CAS module versions prior to 1.x-1.0.1