3 matches found
PT-2026-48846
Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7 Description The JwtAccessTokenValidator class fails to validate the aud Audience claims of incoming JWT access tokens. This flaw enables a JWT issued for one Resource Server...
GO-2024-2921 HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
HashiCorp Vault Incorrectly Validated JSON Web Tokens JWT Audience Claims in github.com/hashicorp/vault. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...