Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1892

Malicious code in bioql PyPI...

7.5CVSS5.3AI score0.00343EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/07/05 9:52 a.m.25 views

CVE-2024-5798

A flaw was found in Hashicorp Vault. Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This issue may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an...

2.6CVSS3.6AI score0.00343EPSS
Exploits0References5
OSV
OSV
added 2024/06/17 7:39 a.m.191 views

BIT-VAULT-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...

7.5CVSS3.9AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2024/06/12 9:31 p.m.30 views

GHSA-32CJ-5WX4-GQ8P HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...

2.6CVSS3.9AI score0.00343EPSS
Exploits0References4
CVE
CVE
added 2024/06/12 6:55 p.m.794 views

CVE-2024-5798

CVE-2024-5798 concerns Vault and Vault Enterprise failing to properly validate the JWT aud/role-bound audience claims in the Vault JWT auth method, potentially allowing an invalid login when audience/claims don’t match. The issue is mitigated by upgrading to fixed releases: Vault 1.17.0, 1.16.3, ...

7.5CVSS3.4AI score0.00343EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/12 6:55 p.m.3 views

CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...

2.6CVSS6.3AI score0.00343EPSS
Exploits0References4
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/06/12 6:47 p.m.10 views

Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...

7.5CVSS6.3AI score0.00343EPSS
Exploits0Affected Software1
Rows per page
Query Builder