Insecure Direct Object Reference (IDOR)

org.eclipse.edc,control-plane-catalog is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to missing filtering on single dataset requests, which fails to properly verify access permissions for restricted datasets. It allows unauthorized parties to access sensitive...

Sensitive Information Disclosure

org.eclipse.edc: data-plane-http-oauth2-core is vulnerable to Sensitive Information Disclosure. The vulnerability arises from a misconfiguration in the OAuth2-protected data sink feature, where the consumer-provided clientSecretKey is resolved in the context of the provider's vault instead of the...