Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-53003
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-01 Jul, 2025 | 01:22
Updated At-01 Jul, 2025 | 13:34
Rejected At-
▼CVE Numbering Authority (CNA)
Janssen Config API returns results without scope verification

The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts ..etc. This issue has been patched in version 1.8.0. A workaround for this vulnerability involves users forking and building the config api, patching it in their system following commit 92eea4d.

Affected Products
Vendor
JanssenProject
Product
jans
Versions
Affected
  • < 1.8.0
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWECWE-269CWE-269: Improper Privilege Management
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-269
Description: CWE-269: Improper Privilege Management
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
4.08.2HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/JanssenProject/jans/security/advisories/GHSA-373j-mhpf-84wg
x_refsource_CONFIRM
https://github.com/JanssenProject/jans/issues/11575
x_refsource_MISC
https://github.com/JanssenProject/jans/commit/92eea4d4637f1cae16ad2f07b2c16378ff3fc5f1
x_refsource_MISC
https://github.com/JanssenProject/jans/releases/tag/v1.8.0
x_refsource_MISC
Hyperlink: https://github.com/JanssenProject/jans/security/advisories/GHSA-373j-mhpf-84wg
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/JanssenProject/jans/issues/11575
Resource:
x_refsource_MISC
Hyperlink: https://github.com/JanssenProject/jans/commit/92eea4d4637f1cae16ad2f07b2c16378ff3fc5f1
Resource:
x_refsource_MISC
Hyperlink: https://github.com/JanssenProject/jans/releases/tag/v1.8.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/JanssenProject/jans/issues/11575
exploit
Hyperlink: https://github.com/JanssenProject/jans/issues/11575
Resource:
exploit
Details not found