3 matches found
CVE-2023-40171 Dispatch writes JWT tokens in error message
Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the Dispatch Plugin - Basic Authentication Provider plugin encounters an error when attempting to decode a JWT token. Any Dispatch users...
CVE-2023-40171 Dispatch writes JWT tokens in error message
Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the Dispatch Plugin - Basic Authentication Provider plugin encounters an error when attempting to decode a JWT token. Any Dispatch users...
CVE-2023-40171
CVE-2023-40171 affects the Dispatch open‑source security incident management tool. The server response includes the JWT secret used to sign tokens in errors raised by the Dispatch Plugin - Basic Authentication Provider, enabling an attacker to craft valid JWTs and potentially take over any accoun...