7 matches found
CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...
Cross site request forgery (csrf)
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...
Zabbix - A Case Study of Unsafe Session Storage
Introduction Zabbix is a very popular open-source monitoring platform used to collect, centralize and track metrics like CPU load and network traffic across entire infrastructures. It is very similar to solutions like Pandora FMS and Nagios. Because of its popularity, features and its privileged...
Exploit for Improper Authentication in Apache Shenyu
Apache ShenYu Admin has a vulnerability that allows for authenti...
CVE-2021-21378
An authentication bypass vulnerability was found in envoyproxy/envoy. When specifying a JSON Web Token JWT authentication filter, if allowmissing is also used, this flaw allows an attacker to craft a request with a JWT token with an incorrect issuer bypassing the filter. The highest threat from...
Input validation
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...
CVE-2017-2773
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...