Lucene search
+L

7 matches found

OSV
OSV
added 2026/05/11 5:58 p.m.8 views

GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/11 5:58 p.m.14 views

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/11 7:36 p.m.23 views

CVE-2026-27478

CVE-2026-27478 relates to Unity Catalog (0.4.0 and earlier). The vulnerability is a critical authentication bypass in the token exchange endpoint at /api/1.0/unity-control/auth/tokens, where the issuer (iss) claim from incoming JWTs is used to dynamically fetch the JWKS endpoint for signature val...

9.1CVSS5.8AI score0.00183EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/29 9:47 p.m.6 views

CVE-2025-59936

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

9.4CVSS6.4AI score0.00372EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/26 2:27 p.m.7 views

get-jwks: poisoned JWKS cache allows post-fetch issuer validation bypass

Summary A vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. Details When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an unexpected issuer to be reused, resulting in a bypass of issuer...

9.4CVSS6.7AI score0.00372EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/09/26 2:27 p.m.5 views

Improper Encoding or Escaping of Output

Overview get-jwks is a Fetch utils for JWKS keys Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the getPublicKey process. An attacker can bypass issuer validation and gain unauthorized access by poisoning the JWKS cache with a crafted public key an...

9.4CVSS6.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/04/14 5:57 p.m.5 views

openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is t...

7.4CVSS7.1AI score0.18339EPSS
Exploits1References5
Rows per page
Query Builder