9 matches found
CVE-2026-31813
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the IdTokenGrantParams.getProvider issuer validation logic in the Apple and Azure provider handlers. An attacker can obtain valid sessions for arbitrary users by submitting crafted ID tokens that bypass issuer...
CVE-2026-31813
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
CVE-2026-31813 Supabase Auth has insecure Apple and Azure authentication with ID tokens
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
CVE-2026-31813
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
CVE-2026-31813
CVE-2026-31813 affects Supabase Auth. Before version 2.185.0, if Apple or Azure as OIDC providers are enabled, an attacker can create a valid, asymmetrically signed ID token from their issuer for each victim email and send it to the token endpoint using the ID token flow. If the ID token is OIDC ...
EUVD-2026-11239
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
PT-2026-24743
Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue sessions for arbitrary users using specially crafted ID tokens when the Apple or Azure providers are enabled. The attacker issues a...
Auth Security Vulnerability
Auth is a user authentication and management system developed by Supabase. Previous versions of Supabase Auth, such as 2.185.0, had security vulnerabilities. These vulnerabilities occurred when Apple or Azure providers were enabled, allowing attackers to issue session tokens for arbitrary users...