CVSS 3.1 Score 4.3 of 10 (medium)


Published Sep 15, 2023
Updated: Jan 21, 2024
CWE ID 287
CWE ID 1390


CVE-2023-41900 is a weak-authentication vulnerability that affects versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 of Jetty, the Java-based web server and servlet engine. A request on a previously authenticated session could bypass authentication after being rejected by the LoginService. The issue impacts usages of jetty-openid that have configured a nested LoginService capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 contain patches that remediate the vulnerability. The issue is rated medium severity for organizations, because the bypassed authentication mechanism allows unauthorized access to protected resources.

