Lucene search

io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud

🗓️ 05 Oct 2023 20:14:55Reported by GoogleType

osv🔗 osv.dev👁 9 Views

micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud. Workaround available by setting valid values for audience. Upgrade to patched release soon. If unable to upgrade, patch by creating replacement of IdTokenClaimsValidator

Reporter	Title	Published	Views	Family All 8
Veracode	Claim Validation Bypass	9 Oct 202306:59	–	veracode
OSV	CVE-2023-36820	9 Oct 202314:15	–	osv
Prion	Code injection	9 Oct 202314:15	–	prion
Cvelist	CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud	9 Oct 202313:30	–	cvelist
Vulnrichment	CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud	9 Oct 202313:30	–	vulnrichment
CVE	CVE-2023-36820	9 Oct 202314:15	–	cve
NVD	CVE-2023-36820	9 Oct 202314:15	–	nvd
Github Security Blog	io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud	5 Oct 202320:55	–	github

Source	Link
github	www.github.com/micronaut-projects/micronaut-security/security/advisories/GHSA-qw22-8w9r-864h
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-36820
github	www.github.com/micronaut-projects/micronaut-security/commit/9728b925221a0d87798ccf250657a3c214b7e980
github	www.github.com/micronaut-projects/micronaut-security
github	www.github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Oct 2023 20:55Current

7High risk

Vulners AI Score7

CVSS34.8 - 6.5

EPSS0.00054

SSVC