12 matches found
GHSA-P49J-V9WC-WG57 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
Impact OpenBao's namespaces provide multi-tenant separation. A tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. Patches This was addressed in v2.5.3...
OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
Impact OpenBao's namespaces provide multi-tenant separation. A tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. Patches This was addressed in v2.5.3...
Improper Restriction of Security Token Assignment
Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...
CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...
CVE-2026-40264
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, a tenant that leaks token accessors could have their token revoked or renewed by a privileged administrator in another tenant. This cross-namespace exposure is mitigated in version 2.5.3. The CVE entry not...
GHSA-7M55-2HR4-PW78 Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence
Summary The localLoginHandlers struct in the Juju API server maintains an in-memory map to store discharge tokens following successful local authentication. This map is accessed concurrently from multiple HTTP handler goroutines without any synchronization primitive protecting it. The absence of ...
PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
Summary OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. Details...
PT-2026-29829
Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description A flaw exists in the token validation process, where the OAuthManager.validate token function incorrectly returns True for any token not found in its internal store. This store is empty by...
EAP: OIDC app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
EAP: OIDC app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...
EAP: OIDC app attempting to access the second tenant, the user should be prompted to log
A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...