First published: Tue Oct 19 2021
It was discovered that the Kerberos protocol implementation in the Libraries component of OpenJDK did not correctly report subject principals when using Kerberos Constrained Delegation. This could lead to the use of wrong Kerberos tickets.
Affected Software | Affected Version | How to fix
---|---|---
OpenJDK 17 | |
REDHAT-BUG-2015658 is considered a medium severity vulnerability.
To fix REDHAT-BUG-2015658, update your OpenJDK to the latest patched version provided by Oracle.
REDHAT-BUG-2015658 affects the Kerberos protocol implementation in the Libraries component of OpenJDK.
REDHAT-BUG-2015658 could lead to the use of wrong Kerberos tickets when using Constrained Delegation.
Yes, OpenJDK version 17 is specifically mentioned as affected by REDHAT-BUG-2015658.