Security Vulnerabilities in Apereo CAS

Hi community,

Two critical security vulnerabilities in Apereo CAS (CAS Groovy Vulnerability Disclosure, CAS OAuth/OpenID Connect Vulnerability Disclosure) have been identified.

After checking the Cloudogu Ecosystem and our Dogus, we identified the following Dogus which are using Apereo CAS and are affected by these vulnerabilities:

  • CAS
  • Jenkins

For all affected Dogus a newer version is available. You can find a guide for upgrading Dogus here.