
10 matches found

NVD
added 2026/05/13 9:16 p.m., 4 views

CVE-2026-42602

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1 CVSS, 0.00031 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/05/13 8:12 p.m., 28 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1 CVSS, 0.00031 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/05/13 8:12 p.m., 4 views

CVE-2026-42602 azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay

azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...

8.1 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 1, References: 1
CVE
added 2026/05/13 8:12 p.m., 8 views

CVE-2026-42602

The CVE affects opentelemetry-collector-contrib’s azureauthextension in versions 0.124.0–0.150.0. The root cause is that Authenticate performs a token equality check against a token minted by the collector’s own credential, using the client-supplied Host header to set the scope, and does not vali...

8.1 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2026/03/27 12:0 a.m., 3 views

Authenticator Security Vulnerability

Authenticator is an authentication tool developed by Authenticator Extension. Versions of Authenticator prior to 4.16.0 contained a security vulnerability. This vulnerability stemmed from the possibility that the authentication process could be hijacked, allowing attackers to use the identity of...

9.3 CVSS, 5.8 AI score, 0.0009 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 2:59 a.m., 3 views

CVE-2023-1477

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...

8.8 CVSS, 7 AI score, 0.00347 EPSS
Exploits: 0, References: 1
OSV
added 2023/04/28 3:15 p.m., 0 views

CVE-2023-1477

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 1
Prion
added 2023/04/28 3:15 p.m., 12 views

Authentication flaw

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...

6.5 CVSS, 8.7 AI score, 0.00347 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/04/28 2:56 p.m., 16 views

CVE-2023-1477

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3...

7.2 CVSS, 8.9 AI score, 0.00347 EPSS
Exploits: 0, References: 1
CVE
added 2023/04/28 2:56 p.m., 49 views

CVE-2023-1477

The CVE-2023-1477 entry concerns the HYPR Keycloak Authenticator Extension, where an Improper Authentication flaw enables Authentication Abuse. Affected components are HYPR Keycloak Authenticator Extension prior to versions 7.10.2 and 8.0.3. Root cause: insufficient/authentication bypass risk in ...

8.8 CVSS, 8.7 AI score, 0.00347 EPSS
Exploits: 0, References: 1, Affected Software: 1