7 matches found
EUVD-2024-1892
Malicious code in bioql PyPI...
CVE-2024-5798
A flaw was found in Hashicorp Vault. Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This issue may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an...
BIT-VAULT-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
GHSA-32CJ-5WX4-GQ8P HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
CVE-2024-5798
CVE-2024-5798 concerns Vault and Vault Enterprise failing to properly validate the JWT aud/role-bound audience claims in the Vault JWT auth method, potentially allowing an invalid login when audience/claims don’t match. The issue is mitigated by upgrading to fixed releases: Vault 1.17.0, 1.16.3, ...
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...