Lucene search
+L

16 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2267

Malicious code in bioql PyPI...

5CVSS6.5AI score0.00283EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/05/23 8:52 a.m.8 views

CVE-2024-41949

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

6.4CVSS7AI score0.00237EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/08/05 7:47 p.m.14 views

CVE-2024-42350 Public key confusion in third party block in Biscuit

Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...

3CVSS7.2AI score0.00291EPSS
Exploits0References2
nvd
nvd
added 2024/08/01 10:15 p.m.41 views

CVE-2024-41948

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

5CVSS0.00283EPSS
Exploits0References1
cvelist
cvelist
added 2024/08/01 10:3 p.m.54 views

CVE-2024-41948 biscuit-java vulnerable to public key confusion in third party block

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

3CVSS0.00283EPSS
Exploits0References1
cve
cve
added 2024/08/01 10:3 p.m.74 views

CVE-2024-41948

The CVE affects biscuit-java, the Java implementation of Biscuit tokens used for microservices authentication/authorization. A vulnerability exists in the handling of ThirdPartyBlock requests: a malicious user can forge a ThirdPartyBlockRequest and alter the publicKeys field, allowing an attacker...

5CVSS3.9AI score0.00283EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2024/08/01 10:3 p.m.13 views

CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

3CVSS7AI score0.00237EPSS
Exploits0References1
cve
cve
added 2024/08/01 10:3 p.m.79 views

CVE-2024-41949

Biscuit-rust is affected by a public key confusion in third-party blocks. A forged ThirdPartyBlock request can trick a third-party authority into generating datalog that trusts the wrong keypair, enabling under-specified trust relationships. The issue is described across multiple sources (CVE-202...

6.4CVSS4AI score0.00237EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/08/01 10:3 p.m.11 views

CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

3CVSS6.8AI score0.00291EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/08/01 12:0 a.m.9 views

biscuit-java 安全漏洞

biscuit-java is a Java implementation of Biscuit authentication and authorization tokens from the biscuit-auth open source. A security vulnerability exists in biscuit-java version 3, which stems from a malicious user's spoofed third-party block request that can trick a third-party organization in...

5CVSS6.8AI score0.00283EPSS
Exploits0References2
osv
osv
added 2024/07/31 9:15 p.m.80 views

GHSA-P9W4-585H-G3C7 biscuit-auth vulnerable to public key confusion in third party block

Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it: - the public key of the previous block used in the signature - t...

3CVSS4.7AI score0.00291EPSS
Exploits0References4
osv
osv
added 2024/07/31 6:48 p.m.14 views

GHSA-5HCJ-RWM6-XMW4 biscuit-java vulnerable to public key confusion in third party block

Impact Tokens with third-party blocks containing trusted annotations generated through a third party block request. Due to implementation issues in biscuit-java, third party block support in published versions is inoperating. Nevertheless, to synchronize with other implementations, we publish thi...

5.1CVSS4.3AI score0.00283EPSS
Exploits0References6
github
github
added 2024/07/31 6:48 p.m.19 views

biscuit-java vulnerable to public key confusion in third party block

Impact Tokens with third-party blocks containing trusted annotations generated through a third party block request. Due to implementation issues in biscuit-java, third party block support in published versions is inoperating. Nevertheless, to synchronize with other implementations, we publish thi...

5CVSS3.7AI score0.00283EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2024/07/31 12:0 a.m.10 views

PT-2024-29655 · Unknown · Biscuit-Java

Name of the Vulnerable Software and Affected Versions: biscuit-java versions prior to 4.0.0 Description: The issue concerns the generation of third-party blocks for authentication and authorization tokens in microservices architectures. A malicious user can forge a third-party block request,...

5.1CVSS7.4AI score0.00283EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2024/07/31 12:0 a.m.3 views

PT-2024-29887

Name of the Vulnerable Software and Affected Versions Biscuit versions prior to 4 Description The issue concerns the generation of third-party blocks in Biscuit, an authorization token with decentralized verification. A malicious user can forge a ThirdPartyBlock request, tricking the third-party...

6.4CVSS6.4AI score0.00291EPSS
Exploits0References15
ptsecurity
ptsecurity
added 2024/07/31 12:0 a.m.11 views

PT-2024-29656

Name of the Vulnerable Software and Affected Versions biscuit-rust affected versions not specified Description The issue concerns biscuit-rust, the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. A third-party block request forged by a...

6.4CVSS6.5AI score0.00237EPSS
Exploits0References14
Rows per page
Query Builder