Affecting org.apache.syncope:syncope-core artifact, versions [1.2.0, 1.2.11), [2.0.0, 2.0.8)
org.apache.syncope:syncope-core is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license.
Affected versions of this package are vulnerable to Information Exposure. An administrator with user search entitlements can recover sensitive security values using the
org.apache.syncope:syncope-core to versions 1.2.11, 2.0.8 or higher.