Low: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.1 Bug Fix Update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.17.1 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...

GHSA-7MQR-2V3Q-V2WM Ory fosite contains Improper Handling of Exceptional Conditions

Impact The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store...

CVE-2020-15223

In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can...

CVE-2020-15223 Ignored storage errors on token revokation in ORY Fosite

In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can...