Lucene search
K

4 matches found

OSV
OSV
added 2026/03/12 2:48 p.m.3 views

BIT-PARSE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid access token...

8.8CVSS5.8AI score0.00426EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:20 p.m.4 views

CVE-2026-30949

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

7.6CVSS5.8AI score0.00426EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/10 8:20 p.m.31 views

CVE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

7.6CVSS0.00426EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 8:20 p.m.5 views

CVE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

7.6CVSS5.8AI score0.00426EPSS
Exploits0References3
Rows per page
Query Builder