Lucene search
K

306 matches found

Github Security Blog
Github Security Blog
added 2026/03/05 9:30 p.m.6 views

Cloudfoundry UAA has logic error in the token revocation endpoint implementation

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/05 9:16 p.m.4 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 9:16 p.m.4 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 8:40 p.m.3 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 8:40 p.m.2 views

CVE-2026-22723 UAA User Token Revocation logic error

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 8:40 p.m.33 views

CVE-2026-22723 UAA User Token Revocation logic error

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 8:40 p.m.17 views

CVE-2026-22723

CVE-2026-22723 affects Cloud Foundry UAA and CF Deployment due to a logic error in the token revocation endpoint. Vulnerable ranges: UAA v77.30.0–v78.7.0 and CF Deployment v48.7.0–v54.10.0. Root cause is a faulty token revocation flow that can improperly revoke tokens. Impact is described as Inap...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23516

Name of the Vulnerable Software and Affected Versions Cloudfoundry UAA versions 77.30.0 through 78.7.0 Cloudfoundry Deployment versions 48.7.0 through 54.10.0 Description A logic error in the implementation of the token revocation endpoint leads to inappropriate user token revocation. The issue...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

CloudFoundry UAA和CloudFoundry Deployment 安全漏洞

CloudFoundry UAA and CloudFoundry Deployment are both products of the CloudFoundry Foundation. CloudFoundry UAA is a multi-tenant identity management service. CloudFoundry Deployment is a code deployment component. Both CloudFoundry UAA and CloudFoundry Deployment have security vulnerabilities...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2026/03/05 12:0 a.m.9 views

CVE-2026-22723 - UAA User Token Revocation | Cloud Foundry

Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y Vendor CloudFoundry Foundation Versions Affected UAA Release: v77.30.0 to v78.7.0 CF Deployment: v48.7.0 to v54.10.0 Description Cloud Foundry UAA release versions fro...

6.5CVSS5.9AI score0.00224EPSS
Exploits0
OSV
OSV
added 2026/03/02 7:53 p.m.5 views

GHSA-X4VH-J75G-268G NocoDB's Refresh Tokens Not Revoked on Password Reset

Summary The password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. Details passwordReset in users.service.ts updated tokenversion invalidating JWTs but did not...

7.1CVSS5.9AI score0.00181EPSS
Exploits0References4
CVE
CVE
added 2026/03/02 4:18 p.m.19 views

CVE-2026-28396

CVE-2026-28396 concerns NocoDB, a database-as-spreadsheets platform. Prior to version 0.301.3, the password reset flow failed to revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. The i...

7.1CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2025/12/15 2:15 p.m.11 views

PYSEC-2025-110

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/12/15 2:15 p.m.5 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

5.4CVSS0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.3 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

6.6AI score0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.23 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

0.00138EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.6 views

Ubuntu 22.04 LTS : OpenStack Keystone vulnerabilities (USN-7926-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7926-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain...

7.5CVSS6.8AI score0.01319EPSS
Exploits2References4
OSV
OSV
added 2025/12/11 2:24 p.m.3 views

USN-7926-1 keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.4AI score0.01319EPSS
Exploits2References4
Ubuntu
Ubuntu
added 2025/12/11 2:24 p.m.4 views

USN-7926-1: OpenStack Keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.8AI score0.01319EPSS
Exploits2
CVE
CVE
added 2025/11/18 12:0 a.m.17 views

CVE-2025-56643

CVE-2025-56643 affects Wiki.js 2.5.307. The root cause is in the authentication resolver logic, where active JWT tokens are not properly revoked or invalidated on user logout. This leaves previously issued tokens valid for GraphQL and logout endpoints, enabling potential unauthorized access if a ...

9.1CVSS6.6AI score0.00325EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder