Gluu Flex · CVE-2025-53003
Name of the Vulnerable Software and Affected Versions:
Janssen Project versions prior to 1.8.0
Gluu Flex versions prior to 5.8.0
Description:
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returned results without verifying the scopes granted to the calling token, exposing a large internal attack surface that includes IDP information such as clients, users, and scripts. This issue has been patched in version 1.8.0.
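The defect described above is a missing authorization check: an authenticated caller could read administrative resources regardless of which scopes its access token actually carried. The following added example is not Janssen or Gluu code; it is a minimal model of an admin configuration endpoint with the check absent and with it present, so the difference is visible and testable. The resource names, the scope strings, the Token class and the handler functions are all hypothetical.

```python
"""
Added example (not Janssen/Gluu code): a minimal model of an admin
configuration API that must enforce OAuth scopes before returning
results. All names below are hypothetical.
"""
from dataclasses import dataclass, field

# Hypothetical protected data, modelled on what an IDP config API exposes.
CONFIG_DATA = {
    "clients": [{"client_id": "app-1"}],
    "users":   [{"uid": "alice"}],
    "scripts": [{"name": "person_authentication"}],
}

# Scope that each resource requires (hypothetical scope names).
REQUIRED_SCOPES = {
    "clients": "config/clients.readonly",
    "users":   "config/users.readonly",
    "scripts": "config/scripts.readonly",
}


@dataclass
class Token:
    """A validated access token: who it belongs to and which scopes were granted."""
    subject: str
    scopes: frozenset = field(default_factory=frozenset)


class Forbidden(Exception):
    """Raised when the token is valid but lacks the scope the resource requires."""


def handle_request_unchecked(token: Token, resource: str):
    # Before: any authenticated caller gets any resource; the granted
    # scopes are never consulted. This is the class of bug the advisory describes.
    return CONFIG_DATA[resource]


def handle_request_checked(token: Token, resource: str):
    # After: the token must carry the exact scope mapped to the resource.
    required = REQUIRED_SCOPES.get(resource)
    if required is None:
        raise KeyError(f"unknown resource {resource!r}")
    if required not in token.scopes:
        # Fail closed: a valid token without the scope gets nothing back.
        raise Forbidden(f"token for {token.subject!r} lacks scope {required!r}")
    return CONFIG_DATA[resource]


def audit_scope_enforcement(handler, token: Token, resources) -> set:
    """Return the set of resources the handler serves to this token.

    Running both handlers with the same narrowly scoped token shows how
    much data the missing check leaks.
    """
    served = set()
    for name in resources:
        try:
            handler(token, name)
            served.add(name)
        except Forbidden:
            pass
    return served


if __name__ == "__main__":
    # Constructed token: granted only the clients scope.
    narrow = Token("admin-tool", frozenset({"config/clients.readonly"}))
    everything = list(CONFIG_DATA)
    print("unchecked serves:", sorted(audit_scope_enforcement(handle_request_unchecked, narrow, everything)))
    print("checked serves:  ", sorted(audit_scope_enforcement(handle_request_checked, narrow, everything)))
```

A useful operational check for a deployment is to request each admin resource with a token deliberately issued with a single narrow scope and confirm that only the matching resource is returned; any endpoint that answers with data for the other resources still has the unchecked behaviour.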
Recommendations:
For Janssen Project versions prior to 1.8.0, upgrade immediately to version 1.8.0.
For Gluu Flex versions prior to 5.8.0, upgrade immediately to version 5.8.0.
As a temporary workaround, users can fork and build the Config API with the fix from commit 92eea4d applied, and deploy that build in place of the packaged one until they can upgrade.