7 matches found

OSV · added 2026/06/18 1:52 p.m. · 4 views

GHSA-WXG7-W2V3-W38G ZITADEL: Missing Token Lifecycle Validation (`exp` and `iat`) in JWT IdP Provider

Summary: Two closely related token lifecycle validation vulnerabilities were discovered in ZITADEL's external JWT Identity Provider (IdP) implementation. Specifically, within the validation pipeline: Missing Expiration (`exp`) Enforcement: If an incoming JWT omits the `exp` claim entirely, the expiration...

CVSS 4.2 · AI score 5.6
Exploits: 0 · References: 5
CVE · added 2026/05/13 3:02 p.m. · 23 views

CVE-2026-44459

CVE-2026-44459 (Hono) concerns improper validation of JWT NumericDate claims (`exp`, `nbf`, `iat`) in `hono/utils/jwt` prior to 4.12.18. The vulnerability allows tokens with non-spec-compliant claim values to silently bypass time-based checks when `verify()` processes malformed claims (not exploitable by a...

CVSS 3.8 · AI score 5.8 · EPSS 0.00216
Exploits: 0 · References: 1 · Affected Software: 1
ATTACKERKB · added 2026/05/13 3:02 p.m. · 9 views

CVE-2026-44459

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims `exp`, `nbf`, and `iat` in `hono/utils/jwt` allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not...

CVSS 3.8 · AI score 5.8 · EPSS 0.00216
Exploits: 0 · References: 2 · Affected Software: 1
PyPA · added 2020/12/02 8:15 p.m. · 6 views

PYSEC-2020-69

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: (1) The IdToken signature algorithm was not checked automatically, but only if the expected...

CVSS 6.8 · AI score 6.9 · EPSS 0.00815
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies · added 2020/12/02 12:00 a.m. · 4 views

PT-2020-16372 · Python · Python Oic

Name of the Vulnerable Software and Affected Versions: Python oic versions prior to 1.2.1. Description: The issue affects client implementations using the Python oic library, a Python OpenID Connect implementation. There are several related cryptographic issues: (1) The IdToken signature algorithm w...

CVSS 7.6 · AI score 6.8 · EPSS 0.00815
Exploits: 0 · References: 15
RedHat Linux · added 2014/09/02 5:58 p.m. · 2 views

openstack-keystone: token expiration date stored incorrectly

A flaw was found in keystone revocation events that resulted in the `issued_at` time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID...

CVSS 4.9 · AI score 5.7 · EPSS 0.01515
Exploits: 0 · References: 4
PyPA · added 2014/08/25 2:55 p.m. · 5 views

PYSEC-2014-108

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the `issued_at` value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/...

CVSS 4.9 · AI score 6.8 · EPSS 0.01515
Exploits: 0 · References: 5 · Affected Software: 1