9 matches found
CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...
EUVD-2018-0791
Malware in sbrugna...
CVE-2024-10125 Lack of JWT issuer and signer validation
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...
CVE-2024-10125
CVE-2024-10125 concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore middleware used with ALB OpenID Connect in ASP.NET Core deployments. The root cause is that JWT handling performs signature validation but fails to validate the JWT issuer and signer identity, enabling a signed token f...
CVE-2018-15801
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...
CVE-2018-15801
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...
CVE-2018-15801 Authorization Bypass During JWT Issuer Validation with spring-security
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...
Authorization Bypass
spring-security-oauth2-jose is vulnerable to authorization bypass attacks. The vulnerability exists during JWT issuer validation, and is only affected if the same private key for the issuer and the attacker are used when signing JWTs...
Authorization Bypass During JWT Issuer Validation with spring-security
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...