ByteOS Network

JanssenProject

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-54876

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-6.9||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-05 Aug, 2025 | 23:35

Updated-06 Aug, 2025 | 20:23

Jans CLI stores plaintext passwords in the local cli_cmd.log file

The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.

Vendor-JanssenProject

Product-jans

CWE ID-CWE-522

Insufficiently Protected Credentials

CVE-2025-53003

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.2||HIGH

EPSS-0.06% / 18.42%

7 Day CHG~0.00%

Published-01 Jul, 2025 | 01:22

Updated-03 Jul, 2025 | 15:14

Janssen Config API returns results without scope verification

The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information from the IDP including clients, users, scripts ..etc. This issue has been patched in version 1.8.0. A workaround for this vulnerability involves users forking and building the config api, patching it in their system following commit 92eea4d.

Vendor-JanssenProject

Product-jans

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-269

Improper Privilege Management

CWE ID-CWE-284

Improper Access Control