3 matches found
GHSA-G6VG-WJ8F-48CJ Centrifugo's dynamic JWKS key cache keyed only by `kid` allows cross-issuer JWT authentication bypass
Summary Centrifugo's dynamic JWKS endpoint feature can verify a JWT for one allowed issuer using a public key cached from another allowed issuer. The JWKS cache and singleflight lookup are keyed only by the JWT header kid, not by the resolved JWKS endpoint, issuer, audience, or other trust-domain...
CVE-2025-46647 Apache APISIX: improper validation of issuer from introspection discovery url in plugin openid-connect
A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to multiple issuers 3...
Apache Apisix 安全漏洞
Apache Apisix is a cloud-native microservices API gateway service from the Apache USA Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plugin hot loading, suitable for API management under the microservice system. A security vulnerability exists in...