Lucene search
K

4 matches found

NVD
NVD
added 2024/01/10 5:15 a.m.40 views

CVE-2024-21643

IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim...

8.8CVSS7.3AI score0.02214EPSS
Exploits0References4
CVE
CVE
added 2024/01/10 4:13 a.m.67 views

CVE-2024-21643

The CVE-2024-21643 issue affects IdentityModel Extensions for .NET (Microsoft.IdentityModel.Protocols.SignedHttpRequest) where the SignedHttpRequest protocol/validator trusts the jku claim by default, enabling remote/local HTTP GET requests. Multiple sources confirm this vulnerability and identif...

8.8CVSS8.5AI score0.02214EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2024/01/09 6:25 p.m.2 views

Authorization Bypass

Overview Microsoft.IdentityModel.Protocols.SignedHttpRequest is a package that includes types that provide support for the SignedHttpRequest protocol Affected versions of this package are vulnerable to Authorization Bypass via the SignedHttpRequest protocol or the SignedHttpRequestValidator. The...

8.8CVSS6.8AI score0.02214EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/01/09 6:25 p.m.19 views

Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability

Impact What kind of vulnerability is it? Who is impacted? Anyone leveraging the SignedHttpRequestprotocol or the SignedHttpRequestValidatoris vulnerable. Microsoft.IdentityModel trusts the jkuclaim by default for the SignedHttpRequestprotocol. This raises the possibility to make any remote or loc...

8.8CVSS7AI score0.02214EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder