12 matches found
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.
Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...
SUSE CVE-2026-30223
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...
CVE-2026-30863 Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...
EUVD-2018-18619
Malware in sbrugna...
Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...
OSV-2021-1658 Null-dereference READ in istio.io/istio/security/pkg/util.ExtractJwtAud
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42142 Crash type: Null-dereference READ Crash state: istio.io/istio/security/pkg/util.ExtractJwtAud...
CVE-2018-6873
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...
CVE-2018-6873
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...
Privilege escalation
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...
CVE-2018-6873
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...
CVE-2018-6873
CVE-2018-6873 affects Auth0 authentication service prior to 2017-10-15, where JWT audience validation was not performed, enabling privilege escalation. Multiple sources describe that the vulnerability allowed a remote attacker to authenticate as a higher-privilege user by forging or manipulating ...