50 matches found

OSV
added 2026/05/11 5:58 p.m., 1 view

GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

CVSS 9.1 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 4
RedhatCVE
added 2026/04/23 6:17 p.m., 0 views

CVE-2026-33557

A flaw was found in Apache Kafka. By default, the sasl.oauthbearer.jwt.validator.class property is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator, which does not validate JSON Web Token (JWT) signatures, issuers, or audiences. A remote attacker can exploit this by crafting ...

CVSS 9.1 | AI score 5.8 | EPSS 0.00223
Exploits 0 | References 6
Snyk
added 2026/04/22 5:06 p.m., 2 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication due to the SkipClientIDCheck configuration in the OIDC authentication provider, which disables audience claim validation. An attacker can gain unauthorized access by presenting a token issued for a different...

CVSS 9.2 | AI score 5.5 | EPSS 0.00068
Exploits 0 | References 2
NVD
added 2026/04/21 10:16 p.m., 2 views

CVE-2026-40946

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelate...

CVSS 9.2 | EPSS 0.00068
Exploits 0 | References 1
ATTACKERKB
added 2026/04/21 9:18 p.m., 2 views

CVE-2026-40946

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelate...

CVSS 9.2 | AI score 5.7 | EPSS 0.00068
Exploits 0 | References 2 | Affected software 1
EUVD
added 2026/04/21 9:18 p.m., 3 views

EUVD-2026-24512

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelate...

CVSS 9.2 | AI score 5.7 | EPSS 0.00068
Exploits 0 | References 1
Vulnrichment
added 2026/04/21 9:18 p.m., 1 view

CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelate...

CVSS 9.2 | AI score 5.7 | EPSS 0.00068
Exploits 0 | References 1
Cvelist
added 2026/04/21 9:18 p.m., 26 views

CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck

Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelate...

CVSS 9.2 | EPSS 0.00068
Exploits 0 | References 1
Positive Technologies
added 2026/04/21 12:00 a.m., 1 view

PT-2026-34190

Name of the Vulnerable Software and Affected Versions: Oxia versions prior to 0.16.2. Description: The OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration. This disables the standard audience (aud) claim validation at the library level,...

CVSS 9.2 | AI score 5.2 | EPSS 0.00068
Exploits 0 | References 4
OSV
added 2026/04/14 11:14 p.m., 1 view

GHSA-FHVP-9HCJ-6M33 Oxia has an OIDC token audience validation bypass via SkipClientIDCheck

Summary: The OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia...

CVSS 9.3 | AI score 5.8 | EPSS 0.00068
Exploits 0 | References 3
Github Security Blog
added 2026/04/14 11:14 p.m., 3 views

Oxia has an OIDC token audience validation bypass via SkipClientIDCheck

Summary: The OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation at the library level. This allows tokens issued for unrelated services by the same OIDC issuer to be accepted by Oxia...

CVSS 9.2 | AI score 5.8 | EPSS 0.00068
Exploits 0 | References 3 | Affected software 1
OSV
added 2026/04/09 4:41 p.m., 0 views

GHSA-3J8V-CGW4-2G6Q fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)

Impact: Using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some modifiers are stateful and will cause failures in every second verification attempt...

CVSS 5.3 | AI score 5.8 | EPSS 0.00182
Exploits 1 | References 6
OSV
added 2026/03/11 3:49 p.m., 0 views

BIT-PARSE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is...

CVSS 9.8 | AI score 5.7 | EPSS 0.00034
Exploits 0 | References 2
Github Security Blog
added 2026/03/09 5:42 p.m., 3 views

Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Impact: The Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set (clientId for Google/Apple, appIds for Facebook), JWT verification silently skips audience claim validation. This allows an...

CVSS 9.8 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 3 | Affected software 1
EUVD
added 2026/03/09 5:42 p.m., 4 views

EUVD-2026-10172

Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters...

CVSS 9.3 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 2
OSV
added 2026/03/09 5:42 p.m., 1 view

GHSA-X6FW-778M-WR9V Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Impact: The Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration option is not set (clientId for Google/Apple, appIds for Facebook), JWT verification silently skips audience claim validation. This allows an...

CVSS 9.3 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 3
OSV
added 2026/03/07 4:18 p.m., 0 views

CVE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...

CVSS 9.3 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 3
ATTACKERKB
added 2026/03/07 4:18 p.m., 3 views

CVE-2026-30863

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...

CVSS 9.3 | AI score 5.7 | EPSS 0.00034
Exploits 0 | References 2 | Affected software 1
CNNVD
added 2026/03/07 12:00 a.m., 2 views

Parse Server authorization issue vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were authorization-related vulnerabilities in versions of Parse Server prior to 8.6.10 and 9.5.0-alpha.11. These vulnerabilities stemmed from the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 1
OSV
added 2026/03/05 8:52 p.m., 3 views

GHSA-G962-2J28-3CG9 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes

Summary: When JWT authentication is configured using either authJwtPubKeyPath (local RSA public key) or authJwtHmacSecret (HMAC secret), the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...

CVSS 8.8 | AI score 6 | EPSS 0.00043
Exploits 1 | References 5