4 matches found
CVE-2026-30223
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...
GHSA-G962-2J28-3CG9 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
Summary When JWT authentication is configured using either: - authJwtPubKeyPath local RSA public key, or - authJwtHmacSecret HMAC secret, the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...
PT-2026-23613
Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.1 Description OliveTin allows access to predefined shell commands from a web interface. When JWT authentication is configured using a local RSA public key authJwtPubKeyPath or an HMAC secret authJwtHmacSecret...
AZL-52254 CVE-2024-51744 affecting package jx for versions less than 3.2.236-21
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...