14 matches found
EUVD-2023-2796
Malicious code in bioql PyPI...
CVE-2023-36820
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
CVE-2023-36820
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
Code injection
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
CVE-2023-36820
Micronaut Security (io.micronaut.security:micronaut-security-oauth2) contains a vulnerability in IdTokenClaimsValidator where aud validation is skipped when a token is issued by the same issuer/provider. This affects multiple Micronaut OIDC setups where several applications share the same issuer...
CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
Micronaut Security Access Control Error Vulnerability
Micronaut Security is a Micronaut Framework open source application security solution. Micronaut Security versions 3.11.0 to 3.11.1, 3.10.0 to 3.10.2, 3.9.0 to 3.9.6, 3.8.0 to 3.8.4, 3.7.0 to 3.7.4, 3.6.0 to 3.6.6, 3.5.0 to 3.5.3, 3.4.0 to 3.4.3 An access control error vulnerability exists...
io.micronaut.security:micronaut-security-aot (>=3.10.0 <=3.10.1) potentially affected by CVE-2023-36820 via io.micronaut.security:micronaut-security-oauth2 (>=3.10.0 <=3.10.1)
io.micronaut.security:micronaut-security-oauth2 MAVEN version =3.10.0, =3.10.0, =3.10.1 Source cves: CVE-2023-36820 Source advisory: OSV:GHSA-QW22-8W9R-864H...
GHSA-QW22-8W9R-864H io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud
Summary: IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Details: See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java#L202 This...
io.micronaut.security:micronaut-security-aot (=3.11.0) potentially affected by CVE-2023-36820 via io.micronaut.security:micronaut-security-oauth2 (=3.11.0)
io.micronaut.security:micronaut-security-oauth2 MAVEN version =3.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.micronaut.security:micronaut-security-oauth2 and may be impacted: - io.micronaut.security:micronaut-security-aot =3.11.0 Source cve...
PT-2023-25712 · Micronaut · Micronaut Security
Name of the Vulnerable Software and Affected Versions: Micronaut Security versions prior to 3.1.2; Micronaut Security versions prior to 3.2.4; Micronaut Security versions prior to 3.3.2; Micronaut Security versions prior to 3.4.3; Micronaut Security versions prior to 3.5.3; Micronaut Security versions...
io.micronaut.configuration:micronaut-netflix-ribbon (=1.1.0), io.micronaut.configuration:micronaut-security-oauth2 (>=1.3.0 <=1.3.1) +3 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.3.0 <=1.3.1)
io.micronaut:micronaut-http-client MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2020-7611 Source advisory: OSV:GHSA-694P-XRHG-X3WM...