Lucene search

CVE-2023-22482 JWT audience claim is not verified

🗓️ 25 Jan 2023 18:15:25Reported by GitHub_MType

Vulnerability in Argo CD allows improper authorization of token

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 17
Hacker One	Internet Bug Bounty: JWT audience claim is not verified	28 Feb 202318:06	–	hackerone
OSV	CVE-2023-22482	26 Jan 202321:18	–	osv
OSV	JWT audience claim is not verified	25 Jan 202322:02	–	osv
OSV	GO-2023-1520 JWT audience claim is not verified in github.com/argoproj/argo-cd	20 Aug 202420:26	–	osv
Vulnrichment	CVE-2023-22482 JWT audience claim is not verified	25 Jan 202318:25	–	vulnrichment
Veracode	Improper Authorization	3 Feb 202307:29	–	veracode
CVE	CVE-2023-22482	26 Jan 202321:18	–	cve
RedhatCVE	CVE-2023-22482	25 Jan 202319:05	–	redhatcve
Prion	Authorization	26 Jan 202321:18	–	prion
NVD	CVE-2023-22482	26 Jan 202321:18	–	nvd

[
  {
    "vendor": "argoproj",
    "product": "argo-cd",
    "versions": [
      {
        "version": ">= 1.8.2, < 2.3.13",
        "status": "affected"
      },
      {
        "version": ">= 2.4.0-rc1, < 2.4.19",
        "status": "affected"
      },
      {
        "version": ">= 2.5.0-rc1, < 2.5.6",
        "status": "affected"
      },
      {
        "version": ">= 2.6.0-rc1, < 2.6.0-rc3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Jan 2023 18:25Current

9.3High risk

Vulners AI Score9.3

CVSS39

EPSS0.00249

CWE-863