306 matches found
Cloudfoundry UAA has logic error in the token revocation endpoint implementation
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723 UAA User Token Revocation logic error
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723 UAA User Token Revocation logic error
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723
CVE-2026-22723 affects Cloud Foundry UAA and CF Deployment due to a logic error in the token revocation endpoint. Vulnerable ranges: UAA v77.30.0–v78.7.0 and CF Deployment v48.7.0–v54.10.0. Root cause is a faulty token revocation flow that can improperly revoke tokens. Impact is described as Inap...
PT-2026-23516
Name of the Vulnerable Software and Affected Versions Cloudfoundry UAA versions 77.30.0 through 78.7.0 Cloudfoundry Deployment versions 48.7.0 through 54.10.0 Description A logic error in the implementation of the token revocation endpoint leads to inappropriate user token revocation. The issue...
CloudFoundry UAA和CloudFoundry Deployment 安全漏洞
CloudFoundry UAA and CloudFoundry Deployment are both products of the CloudFoundry Foundation. CloudFoundry UAA is a multi-tenant identity management service. CloudFoundry Deployment is a code deployment component. Both CloudFoundry UAA and CloudFoundry Deployment have security vulnerabilities...
CVE-2026-22723 - UAA User Token Revocation | Cloud Foundry
Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y Vendor CloudFoundry Foundation Versions Affected UAA Release: v77.30.0 to v78.7.0 CF Deployment: v48.7.0 to v54.10.0 Description Cloud Foundry UAA release versions fro...
GHSA-X4VH-J75G-268G NocoDB's Refresh Tokens Not Revoked on Password Reset
Summary The password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. Details passwordReset in users.service.ts updated tokenversion invalidating JWTs but did not...
CVE-2026-28396
CVE-2026-28396 concerns NocoDB, a database-as-spreadsheets platform. Prior to version 0.301.3, the password reset flow failed to revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. The i...
PYSEC-2025-110
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
CVE-2025-65430
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
CVE-2025-65430
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
CVE-2025-65430
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...
Ubuntu 22.04 LTS : OpenStack Keystone vulnerabilities (USN-7926-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7926-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain...
USN-7926-1 keystone vulnerabilities
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...
USN-7926-1: OpenStack Keystone vulnerabilities
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...
CVE-2025-56643
CVE-2025-56643 affects Wiki.js 2.5.307. The root cause is in the authentication resolver logic, where active JWT tokens are not properly revoked or invalidated on user logout. This leaves previously issued tokens valid for GraphQL and logout endpoints, enabling potential unauthorized access if a ...