5 matches found
com.clever-cloud:biscuit-pulsar (>=1.1.13 <=2.3.2), com.clever-cloud:integration-test (>=1.2.0 <=1.4.6) +1 more potentially affected by CVE-2022-31053 via com.clever-cloud:biscuit-java (>=0.2.7 <=1.1.4)
com.clever-cloud:biscuit-java MAVEN version =0.2.7, =1.1.13, =1.2.0, =1.5.0, =1.5.5 Source cves: CVE-2022-31053 Source advisory: OSV:GHSA-75RW-34Q6-72CR...
CVE-2022-31053
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...
CVE-2022-31053 Signature forgery in Biscuit
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...
CVE-2022-31053 Signature forgery in Biscuit
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...
CVE-2022-31053
CVE-2022-31053 involves Biscuit tokens where the v1 specification contains a vulnerable algorithm that allows forging valid Γ-signatures, enabling a token with any access level. The vulnerability does not affect Biscuit v2, which uses a different algorithm. Red Hat and OSV entries corroborate the...