
5 matches found

Source: SUSE CVE (added 2026/03/31 11:27 p.m., 3 views)

SUSE CVE-2026-32727

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

CVSS 6.5 | AI score 5.8 | EPSS 0.00516
Exploits: 1 | References: 3

Source: Github Security Blog (added 2026/03/31 10:51 p.m., 5 views)

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary: The Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /john) to also access sibling paths that start with the same prefix (e.g., /johnathan, /johnny), which is an Authorization Bypass. Details: File:...

CVSS 8.1 | AI score 5.9 | EPSS 0.00389
Exploits: 1 | References: 5 | Affected Software: 1

Source: OSV (added 2026/03/31 10:51 p.m., 1 view)

GHSA-W8FP-G9RH-34JH SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary: The Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /john) to also access sibling paths that start with the same prefix (e.g., /johnathan, /johnny), which is an Authorization Bypass. Details: File:...

CVSS 8.1 | AI score 5.9 | EPSS 0.00389
Exploits: 1 | References: 5

Source: Vulnrichment (added 2026/03/31 1:31 a.m., 1 view)

CVE-2026-32727 SciTokens: Authorization Bypass via Path Traversal in Scope Validation

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

CVSS 8.1 | AI score 5.8 | EPSS 0.00516
Exploits: 1 | References: 4

Source: CVE (added 2026/03/31 1:31 a.m., 8 views)

CVE-2026-32716

Summary: SciTokens Enforcer prior to 1.9.6 validates scope paths with a simple prefix match, allowing a token for a path like /john to access sibling paths (/johnathan, /johnny), causing an Authorization Bypass. Affecting: SciTokens library (pre-1.9.6). Root cause: incorrect scope path validation...

CVSS 8.1 | AI score 5.8 | EPSS 0.00389
Exploits: 1 | References: 3 | Affected Software: 1