29 matches found
EUVD-2021-26839
Malware in sbrugna...
EUVD-2019-5975
Malware in sbrugna...
EUVD-2024-33410
Malicious code in bioql PyPI...
CVE-2024-10295
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...
CVE-2024-10295 Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...
CVE-2024-10295 Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...
CVE-2024-0560 Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions
A vulnerability was found in 3Scale, when used with Keycloak 15 or RHSSO 7.5.0 and superiors. When the authtype is use3scaleoidcissuerendpoint, the Token Introspection policy discovers the Token Introspection endpoint from the tokenintrospectionendpoint field, but the field was removed on RH-SSO...
CVE-2023-0456
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
CVE-2023-0456
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
CVE-2023-0456
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
Information disclosure
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
CVE-2023-0456 Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
CVE-2023-0456 Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
CVE-2023-0456
CVE-2023-0456 affects Red Hat APICast, specifically 3Scale’s OIDC module. The flaw arises when the OIDC module does not properly evaluate a mismatched token from a separate realm, potentially allowing access to information that should be unauthorized. Documents describe this as an information dis...
PT-2023-16285 · 3Scale · Apicast
Name of the Vulnerable Software and Affected Versions: APICast affected versions not specified Description: A flaw was found in APICast, specifically in 3Scale's OIDC module, which does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate rea...
CVE-2023-0456
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...
Red Hat APICast 安全漏洞
Red Hat APICast is an interface for handling API requests from Red Hat, Inc. A security vulnerability exists in Red Hat APICast that stems from calling an API backend with an incorrect JWT token proxy without proper authorization checks...
CVE-2021-3523
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...
CVE-2021-3523
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...
Authentication flaw
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address...