292 matches found
pki-core security update
An update is available for module.pki-core, module.ldapjdk, resteasy, jss, tomcatjss, ldapjdk, module.jss, module.resteasy, module.tomcatjss, pki-core. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
RLSA-2024:4367 Important: pki-core security update
The Public Key Infrastructure PKI Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fixes: dogtag ca: token authentication bypass vulnerability CVE-2023-4727 For more details about the security issues, including the impact, a CVSS...
RockyLinux 8 : pki-core (RLSA-2024:4367)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4367 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the RockyLinux security...
Passport-wsfed-saml2 安全漏洞
Passport-wsfed-saml2 is an Auth0 open source token authentication provider program. A security vulnerability exists in Passport-wsfed-saml2 versions 3.0.5 through 4.6.3 that stems from a SAML authentication flaw that could lead to user impersonation...
OESA-2025-1269 pki-core security update
Dogtag PKI is a designed enterprise software system manage enterprise Public Key Infrastructure deployments. Security Fixes: A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an...
Linux Distros Unpatched Vulnerability : CVE-2024-42368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry da...
GO-2025-3460 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution
Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution...
Improper Authentication
github.com/distribution/distribution/v3 is vulnerable to Improper Authentication. The vulnerability is due to Improper Authentication due to inadequate verification of JSON Web Keys JWK in JSON Web Tokens JWT, allowing an attacker to inject an untrusted signing key when token authentication is...
CVE-2025-24976
A flaw was found in Distribution. Certain versions with token authentication enabled may be vulnerable to an issue where token authentication allows an attacker to inject an untrusted signing key in a JSON web token JWT. The issue is due to how the JSON web key JWK verification is performed. When...
SUSE CVE-2025-24976
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
Distribution's token authentication allows to inject an untrusted signing key in a JWT
Impact Systems running registry version 3.0.0-beta.1 with token authentication enabled. Patches Update to at least v3.0.0-rc.3 Workarounds There is no way to work around this issue without patching if your system requires token authentication. References The issue lies in how the JWK verification...
CVE-2025-24976
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
CVE-2025-24976
Distribution’s token authentication flaw (CVE-2025-24976) affects registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token auth enabled. The root cause: JWT JWK verification accepts a header with a certificate chainless JWK but only validates the KeyID against trusted keys, not the actual key...
CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
CVE-2025-24976
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
PT-2025-6252
Name of the Vulnerable Software and Affected Versions: Distribution versions 3.0.0-beta.1 through 3.0.0-rc.2 Description: The issue lies in how the JSON web key JWK verification is performed. When a JSON web token JWT contains a JWK header without a certificate chain, the code only checks if the...
SUSE CVE-2024-53862
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...
WordPress plugin OAuth Single Sign On – SSO (OAuth Client) 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. An authorization issue vulnerability exists in WordPre...