Versions Compared

Version Old Version 7 New Version Current
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Existing ConfigurationNew Configuration

<Resource context="(.*)/api/identity/user/v1.0/validate-code" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/validate-code(.*)" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/resend-code" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/resend-code(.*)" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="POST"/><Resource context="(.*)/api/identity/user/v1.0/me(.*)" secured="true" http-method="POST"/>
<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="GET"/><Resource context="(.*)/api/identity/user/v1.0/me(.*)" secured="true" http-method="b"/>

<Resource context="(.*)/scim2/Users" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Users(.*)" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Groups(.*)" secured="true" http-method="POST">

<Resource context="/scim2/Bulk" secured="true" http-method="all">

<Resource context="/scim2/Bulk(.*)" secured="true" http-method="all">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories" secured=" true" http-method="POST">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.*)" secured=" true" http-method="POST">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes" secured="true" http-method="POST"><Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.*)" secured="true" http-method="POST">
<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories" secured="true" http-method="POST"><Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.*)" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Me" secured="true" http-method="GET">

<Resource context="(.*)/scim2/Me(.*)" secured="true" http-method="GET">

<Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">

<Resource context="(.*)/scim2/Me(.*)" secured="true" http-method="DELETE">

<Resource context="(.*)/scim2/Me" secured="true" http-method="PUT">

<Resource context="(.*)/scim2/Me(.*)" secured="true" http-method="PUT">

<Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH">

<Resource context="(.*)/scim2/Me(.*)" secured="true" http-method="PATCH">

<Resource context="(.*)/scim2/Me" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Me(.*)" secured="true" http-method="POST">


NOTES


If you are using any version of the Idetity Server that is not listed in the "Affected Products" section, then this vulnerability is not applicable.  If you have any questions, post them to security@wso2.com.