3 matches found
CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host
Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...
CVE-2026-14336
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check issuer.startswith' https://ci.eclipse.org ' in isissuerknown, pia/models.py:139 instead of validating the issuer as a properly host-bounded URL. An attacker can craft an issuer such as https://[email protected]...
PT-2023-28147 · Sustainsys +1 · Sustainsys.Saml2 +1
Name of the Vulnerable Software and Affected Versions: Sustainsys.Saml2 versions prior to 1.0.3 Sustainsys.Saml2 versions prior to 2.9.2 Description: The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. When a response is...