4 matches found
CVE-2024-2321
WSO2 CVE-2024-2321 involves an incorrect authorization vulnerability across multiple WSO2 products that allows API access using a refresh token instead of an access token due to inadequate authorization checks and token mapping. Connected sources corroborate the issue and note that exploitation r...
WSO2 API Manager and WSO2 Identity Server Security Vulnerability
WSO2 API Manager and WSO2 Identity Server (IS) are both products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server is an identity server. A security vulnerability exists in WSO2 API Manager and WSO2 Identity Server that stems from improper authorization...
PT-2025-8912 · Wso2 · Wso2
Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An issue exists where protected APIs can be accessed directly using a refresh token instead of the expected access token, due to improper authorization checks and token mapping. This...
token -> vault mapping can be overwritten
Handle: cmichel. Vulnerability details: One vault can have many tokens, but each token should only be assigned to a single vault. The Manager contract keeps a mapping of tokens to vaults in the vaultstoken = vault map, and a mapping of vault to tokens in tokensvault = token. The addToken function ca...