Search for packages
| purl | pkg:maven/org.eclipse.jetty/jetty-openid@9.4.33.v20201020 |
| Next non-vulnerable version | 9.4.52.v20230823 |
| Latest non-vulnerable version | 11.0.16 |
| Risk | 1.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-rpc4-u4aq-4qde
Aliases: CVE-2023-41900 GHSA-pwh8-58vv-vw48 |
Jetty's OpenId Revoked authentication allows one request If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T22:38:34.812332+00:00 | GitLab Importer | Affected by | VCID-rpc4-u4aq-4qde | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty/jetty-openid/CVE-2023-41900.yml | 38.4.0 |
| 2026-04-11T23:57:59.025760+00:00 | GitLab Importer | Affected by | VCID-rpc4-u4aq-4qde | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty/jetty-openid/CVE-2023-41900.yml | 38.3.0 |
| 2026-04-03T00:01:01.832745+00:00 | GitLab Importer | Affected by | VCID-rpc4-u4aq-4qde | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty/jetty-openid/CVE-2023-41900.yml | 38.1.0 |