Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2022/06/17 12:38 a.m.5 views

com.clever-cloud:biscuit-pulsar (>=1.1.13 <=2.3.2), com.clever-cloud:integration-test (>=1.2.0 <=1.4.6) +1 more potentially affected by CVE-2022-31053 via com.clever-cloud:biscuit-java (>=0.2.7 <=1.1.4)

com.clever-cloud:biscuit-java MAVEN version =0.2.7, =1.1.13, =1.2.0, =1.5.0, =1.5.5 Source cves: CVE-2022-31053 Source advisory: OSV:GHSA-75RW-34Q6-72CR...

9.8CVSS7.2AI score0.0096EPSS
Exploits1
NVD
NVD
added 2022/06/13 8:15 p.m.48 views

CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

9.8CVSS0.0096EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/06/13 7:35 p.m.51 views

CVE-2022-31053 Signature forgery in Biscuit

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

9.8CVSS9.8AI score0.0096EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/06/13 7:35 p.m.8 views

CVE-2022-31053 Signature forgery in Biscuit

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

9.8CVSS9.7AI score0.0096EPSS
Exploits1References2
CVE
CVE
added 2022/06/13 7:35 p.m.119 views

CVE-2022-31053

CVE-2022-31053 involves Biscuit tokens where the v1 specification contains a vulnerable algorithm that allows forging valid Γ-signatures, enabling a token with any access level. The vulnerability does not affect Biscuit v2, which uses a different algorithm. Red Hat and OSV entries corroborate the...

9.8CVSS9.6AI score0.0096EPSS
Exploits1References2Affected Software3
Rows per page
Query Builder