References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025.

AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:X

CWE-601

https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c

https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced

https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d

https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv