5 matches found
CVE-2026-42602
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...
CVE-2026-42602
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...
CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...
CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...
CVE-2026-42602
The CVE affects opentelemetry-collector-contrib’s azureauthextension in versions 0.124.0–0.150.0. The root cause is that Authenticate performs a token equality check against a token minted by the collector’s own credential, using the client-supplied Host header to set the scope, and does not vali...