20 matches found
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15. A patched version of the package is available...
SUSE CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
Security Bulletin: A jwt-go vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2020-26160)
Summary A vulnerability in jwt-go affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for steps to address this issue. Vulnerability Details CVEID: CVE-2020-26160 DESCRIPTION: jwt-go could allow a remote attacker to bypass security restrictions, caused by a ty...
Security Bulletin: IBM Security Guardium Insights is affected by JWT-Go vulnerability (CVE-2020-26160)
Summary IBM Security Guardium Insights addressed the following issue Vulnerability Details CVEID: CVE-2020-26160 DESCRIPTION: jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m["aud"] happens to be []string{}. By sending a specially-crafted...
Moderate: Red Hat Security Advisory: Cryostat security update
Updated RHEL-8 based Cryostat container images are now available Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update
Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.7.0 security, bug fix, and enhancement update
Updated images which include numerous security fixes, bug fixes, and enhancements are now available for Red Hat OpenShift Container Storage 4.7.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...
Moderate: Red Hat Security Advisory: OpenShift Virtualization 2.6.0 security and bug fix update
An update is now available for RHEL-8-CNV-2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless 1.13.0 security update
Release of OpenShift Serverless 1.13.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE link...
Security Bulletin: A vulnerability have been identified in jwt-go shipped with IBM Netcool Operations Insight Event Integrations Operator (CVE-2020-26160)
Summary jwt-go is a dependency shipped with IBM Netcool Operations Insight Event Integrations Operator. Information about the security vulnerability affecting jwt-go has been published. CVE-2020-26160 Vulnerability Details CVEID: CVE-2020-26160 DESCRIPTION: jwt-go could allow a remote attacker to...
AZL-41684 CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
CVE-2020-26160 vulnerabilities
Vulnerabilities for packages: dgraph, docker-credential-acr-env, gitness...
CVE-2020-26160 vulnerabilities
Vulnerabilities for packages: docker-credential-acr-env-fips, gitness, docker-credential-acr-env, dgraph...
CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
CVE-2020-26160
The CVE-2020-26160 entry concerns jwt-go prior to 4.0.0-preview1. The vulnerability allows bypass of audience restrictions when m["aud"] is []string{}; due to a type assertion failure, aud becomes the empty string, which is problematic if a service does not enforce its own audience checks. The pr...
CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...
CVE-2020-26160
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...