Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/06 9:1 p.m.5 views

CVE-2026-30223

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...

8.8CVSS5.8AI score0.00301EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/05 8:52 p.m.5 views

GHSA-G962-2J28-3CG9 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes

Summary When JWT authentication is configured using either: - authJwtPubKeyPath local RSA public key, or - authJwtHmacSecret HMAC secret, the configured audience value authJwtAud is not enforced during token parsing. As a result, validly signed JWT tokens with an incorrect aud claim are accepted...

8.8CVSS6AI score0.00301EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23613

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.1 Description OliveTin allows access to predefined shell commands from a web interface. When JWT authentication is configured using a local RSA public key authJwtPubKeyPath or an HMAC secret authJwtHmacSecret...

9.9CVSS5.8AI score0.22162EPSS
Exploits69References140
OSV
OSV
added 2024/11/04 10:15 p.m.7 views

AZL-52254 CVE-2024-51744 affecting package jx for versions less than 3.2.236-21

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

3.1CVSS7AI score0.00521EPSS
Exploits0References1
Rows per page
Query Builder