5 matches found
EUVD-2026-32931
In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder (Canal/Flannel-Calico deployments), the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...
OESA-2024-2443 python-jwcrypto security update
Implements JWK, JWS, JWE specifications with python-cryptography. Security Fixes: VUL-0: CVE-2022-3102: python-jwcrypto: jwcrypto token substitution can lead to authentication bypass. CVE-2022-3102: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6...
GHSA-GWP4-MCV4-W95J jwcrypto token substitution can lead to authentication bypass
The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we received: "Under certain circumstances, it is possible to substitute a .. signed JWS with a JWE that...
jwcrypto token substitution can lead to authentication bypass
The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we received: "Under certain circumstances, it is possible to substitute a .. signed JWS with a JWE that...
PT-2022-20464 · Osv · Osv
Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: The issue concerns the JWT code's ability to auto-detect token types, potentially leading to incorrect conclusions about token trustworthiness. Under certain circumstances, an attacker can...