8 matches found
SUSE CVE-2024-8901
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...
CVE-2024-8901
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...
CVE-2024-8901
CVE-2024-8901 concerns the AWS ALB Route Directive Adapter for Istio, which integrated OIDC-like JWT authentication into Kubeflow. The issue arises from missing signer and issuer validation for JWTs, allowing an attacker to spoof OIDC sessions by presenting a JWT signed by an untrusted entity. Th...
CVE-2024-8901 Lack of JWT issuer and signer validation
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...
CVE-2024-8901 Lack of JWT issuer and signer validation
The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer...
PT-2024-39308 · Amazon +1 · Aws Alb Route Directive Adapter For Istio +1
Name of the Vulnerable Software and Affected Versions: AWS ALB Route Directive Adapter For Istio (affected versions not specified). Description: The issue concerns a lack of proper signer and issuer validation in the JWT authentication mechanism used by the AWS ALB Route Directive Adapter For Istio...
PT-2024-16047 · Amazon · Amazon.Applicationloadbalancer.Identity.Aspnetcore
Name of the Vulnerable Software and Affected Versions: Amazon.ApplicationLoadBalancer.Identity.AspNetCore (affected versions not specified). Description: The issue concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore repository, which contains middleware for use with the Application Load...
Lack of Zero Address Signer Validation
Lines of code. Vulnerability details: Signer should be checked to not equal the zero address, otherwise an invalid signature could pass validation.