Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control
A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.
3. cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter
A flaw was found in the OAuthRequestFilter component of cxf. A logic error in this filter inadvertently creates an inverse security check when enabled. This issue causes legitimate requests from a bound IP address to be rejected, while requests from any other IP address are blindly allowed. This could lead to unauthorized access to resources.
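The defect both advisories describe is an inverted comparison: the check passes exactly the clients it should reject and rejects the one client it should pass. The following is an added illustration, not code from Apache CXF or its OAuthRequestFilter: the binding check reduced to a pure function, written once with the inversion and once corrected, together with the two-direction regression check that distinguishes them. The class name, method names and IP addresses are constructed for this example.

```java
import java.util.Objects;
import java.util.function.BiPredicate;

/**
 * Hypothetical stand-in for an IP-binding check in a request filter.
 * Not the Apache CXF implementation; names and values are constructed.
 */
public final class IpBindingCheck {

    /** Inverted logic: the only client that is rejected is the one the token is bound to. */
    static boolean vulnerableAllows(String boundIp, String clientIp) {
        if (boundIp == null) {
            return true; // no binding configured, nothing to enforce
        }
        // Bug: rejects on match, passes on mismatch.
        return !Objects.equals(boundIp, clientIp);
    }

    /** Corrected logic: only the client at the bound address is allowed. */
    static boolean fixedAllows(String boundIp, String clientIp) {
        if (boundIp == null) {
            return true; // no binding configured, nothing to enforce
        }
        return Objects.equals(boundIp, clientIp);
    }

    /**
     * Regression check that catches an inversion: a correct binding must
     * allow the bound client AND reject any other client. Testing only one
     * direction lets the inverted version slip through.
     */
    static boolean enforcesBinding(BiPredicate<String, String> allows, String bound, String other) {
        return allows.test(bound, bound) && !allows.test(bound, other);
    }

    public static void main(String[] args) {
        String bound = "10.0.0.5";    // constructed sample: address the token is bound to
        String other = "203.0.113.9"; // constructed sample: any unrelated client

        System.out.println("vulnerable check enforces binding: "
                + enforcesBinding(IpBindingCheck::vulnerableAllows, bound, other));
        System.out.println("fixed check enforces binding: "
                + enforcesBinding(IpBindingCheck::fixedAllows, bound, other));
    }
}
```

The point of `enforcesBinding` is that it asserts both outcomes; a test suite that only confirms "the bound client gets through" or only "a stranger is rejected" can pass on either implementation, which is how an inverted comparison survives review.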
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.