2 matches found
CVE-2026-49277
CVE-2026-49277 affects Rocket.Chat. Before versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, deactivated users’ OAuth bearer and refresh tokens were not revoked: a deactivated user could continue using an existing access token and could mint a new access token from a refresh...
GHSA-6WCW-R64P-QRRW Cloudfoundry UAA has logic error in the token revocation endpoint implementation
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...