2 matches found
GHSA-QW22-8W9R-864H io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud
Summary IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Details See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.javaL202 This...
CVE-2020-4461
IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing idtoken claims manipulation without verification. IBM X-Force ID: 181481...