CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
CVE-2024-41949
Biscuit-rust is affected by a public key confusion in third-party blocks. A forged ThirdPartyBlock request can trick a third-party authority into generating datalog that trusts the wrong keypair, enabling under-specified trust relationships. The issue is described across multiple sources (CVE-202...
biscuit-rust security vulnerability
biscuit-rust is a Rust implementation of the Biscuit authorization token from the open-source biscuit-auth project. A security vulnerability exists in biscuit-rust version 4, which stems from the fact that a malicious user's spoofed third-party block request can trick a third-party organization into...
SUSE CVE-2024-40648
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::is_verified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
ROS-20240729-09
A vulnerability in the Cargo package manager of the Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute...
ROS-20240729-11
A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
A vulnerability in the Cargo package manager of the Rust programming language allows an attacker to execute arbitrary code.
A vulnerability in the Cargo package manager of the Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
c2pa (>=0.1.0 <=1.0.0), c2patool (>=0.1.1 <=0.5.1) potentially affected by unknown CVE via xmp_toolkit (>=0.3.8 <=1.7.3)
xmp_toolkit CARGO version =0.3.8, =0.1.0, =0.1.1, =0.5.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0360...
Apache Arrow Rust Object Store Log Message Disclosure Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Foundation in the U.S. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A log message disclosure vulnerability...
A vulnerability in gitoxide, a Rust library for working with Git repositories, arises from improper neutralization of special elements in output data. It allows a malicious actor to execute arbitrary code.
A vulnerability in gitoxide, a Rust library for working with Git repositories, is related to improper neutralization of certain elements in output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted URL...
CVE-2022-0614 affecting package rust for versions less than 1.75.0-1
CVE-2022-0614 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-35256 affecting package rust for versions less than 1.75.0-1
CVE-2022-35256 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-1201 affecting package rust for versions less than 1.75.0-1
CVE-2022-1201 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-32215 affecting package rust for versions less than 1.75.0-1
CVE-2022-32215 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-0890 affecting package rust for versions less than 1.75.0-1
CVE-2022-0890 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-32213 affecting package rust for versions less than 1.75.0-1
CVE-2022-32213 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2024-28182 affecting package rust for versions less than 1.75.0-1
CVE-2024-28182 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
Photon OS 3.0: Rust PHSA-2022-3.0-0358
An update of the rust package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0358. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Rust PHSA-2023-5.0-0177
An update of the rust package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0177. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...