OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the joint token revalidation mechanism, which did not propagate the expiration...

Pocket ID 授权问题漏洞

Pocket ID is an open-source OIDC identity provider that supports no-password authentication. Versions of Pocket ID prior to 2.6.0 had an authorization vulnerability. This vulnerability stemmed from the createTokenFromRefreshToken function not revalidating the user’s current authorization status,...