3 matches found
CVE-2026-37979
A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect OIDC token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims intended for other...
Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation
Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...
oxia 授权问题漏洞
Oxia is a distributed metadata storage and coordination system developed by Oxia OpenSource. Versions of Oxia prior to 0.16.2 had an authorization issue vulnerability. This vulnerability stemmed from the OIDC authentication provider setting the SkipClientIDCheck: true unconditionally in the go-oi...