Lucene search
K

9 matches found

Cvelist
Cvelist
added 2026/06/12 8:55 a.m.37 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-0791

Malware in sbrugna...

7.4CVSS4.6AI score0.00653EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/10/21 11:25 p.m.37 views

CVE-2024-10125 Lack of JWT issuer and signer validation

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...

7.5CVSS0.00319EPSS
Exploits0References2
CVE
CVE
added 2024/10/21 11:25 p.m.87 views

CVE-2024-10125

CVE-2024-10125 concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore middleware used with ALB OpenID Connect in ASP.NET Core deployments. The root cause is that JWT handling performs signature validation but fails to validate the JWT issuer and signer identity, enabling a signed token f...

7.5CVSS7.6AI score0.00319EPSS
Exploits0References2
NVD
NVD
added 2018/12/19 10:29 p.m.29 views

CVE-2018-15801

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS4.8AI score0.00653EPSS
Exploits0References1
OSV
OSV
added 2018/12/19 10:29 p.m.27 views

CVE-2018-15801

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS6.7AI score0.00653EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/12/19 10:0 p.m.36 views

CVE-2018-15801 Authorization Bypass During JWT Issuer Validation with spring-security

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

3.3CVSS7.3AI score0.00653EPSS
Exploits0References1
Veracode
Veracode
added 2018/12/19 2:8 a.m.19 views

Authorization Bypass

spring-security-oauth2-jose is vulnerable to authorization bypass attacks. The vulnerability exists during JWT issuer validation, and is only affected if the same private key for the issuer and the attacker are used when signing JWTs...

7.4CVSS7.2AI score0.00653EPSS
Exploits0References3Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2018/12/18 12:0 a.m.7 views

Authorization Bypass During JWT Issuer Validation with spring-security

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS6.1AI score0.00653EPSS
Exploits0References2
Rows per page
Query Builder