
17 matches found

CVE
added 2026/01/21 5:52 a.m., 12 views

CVE-2026-1035

CVE-2026-1035 describes a race condition in Keycloak’s TokenManager when strict refresh token rotation is enabled: the validation/update of refresh token usage is not atomic, allowing concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from one refresh to...

3.1 CVSS | 5.4 AI score | 0.00012 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2023-27014

Malicious code in bioql PyPI...

5.3 CVSS | 5.5 AI score | 0.00107 EPSS
Exploits 1 | References 1
Veracode
added 2024/02/09 8:42 a.m., 8 views

Improper Authorization

DIRAC is vulnerable to Improper Authorization. The vulnerability is caused due to the TokenManager not checking permissions on cached tokens. This allows an attacker to use improperly cached tokens to gain access to resources, data, or functionalities within the DIRAC system for which they do not...

9.1 CVSS | 7.3 AI score | 0.00121 EPSS
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2024/02/08 11:39 p.m., 1 view

CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

9.1 CVSS | 7 AI score | 0.00121 EPSS
Exploits 0 | References 2
Cvelist
added 2024/02/08 11:39 p.m., 15 views

CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

9.1 CVSS | 9.3 AI score | 0.00121 EPSS
Exploits 0 | References 2
OSV
added 2024/02/08 3:32 p.m., 7 views

GHSA-59QJ-JCJV-662J DIRAC's TokenManager does not check permissions on cached tokens

Impact Any user could get a token that has been requested by another user/agent Patches The vulnerability is fixed in version 8.0.37. Workarounds None References...

9.1 CVSS | 8.2 AI score | 0.00121 EPSS
Exploits 0 | References 6
Github Security Blog
added 2024/02/08 3:32 p.m., 19 views

DIRAC's TokenManager does not check permissions on cached tokens

Impact Any user could get a token that has been requested by another user/agent Patches The vulnerability is fixed in version 8.0.37. Workarounds None References...

9.1 CVSS | 7 AI score | 0.00121 EPSS
Exploits 0 | References 6 | Affected Software 1
Code423n4
added 2023/07/21 12:00 a.m., 5 views

sendToken() shouldn't have metadata parameter

Lines of code Vulnerability details Impact Users calling sendToken with metadata may trigger a revert or lose the calldata if its size is 1-3 bytes when the destination is an EOA. Proof of Concept In transmitSendToken, we discard the calldata if it's less than 4 bytes, and revert if it's bigger o...

6.9 AI score
Exploits 0
Code423n4
added 2023/07/21 12:00 a.m., 8 views

TokenManager.sendToken/callContractWithInterchainToken/transmitInterchainTransfer require re-entry protection

Lines of code Vulnerability details Impact Anyone can deploy a TokenManagerLockUnlock for the existing ERC20 via registerCanonicalToken, and deploy the corresponding token on a target chain via deployRemoteCanonicalToken. After the TokenManagers of the two chains are created, users can transfer...

7.1 AI score
Exploits 0
Code423n4
added 2023/07/21 12:00 a.m., 5 views

Gas refunds are returned to the wrong address, leading to loss of funds for the payer

Lines of code Vulnerability details Impact To pay for cross-chain messages/calls, a user/third-party service must pay a reasonable fee in this case using the native token. However, often times a user will overpay to ensure that there is an adequate buffer for their tx to successfully succeed in...

7.2 AI score
Exploits 0
Prion
added 2023/01/20 6:15 p.m., 20 views

Code injection

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5 CVSS | 5.3 AI score | 0.00107 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2023/01/20 12:00 a.m., 21 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5.6 AI score | 0.00107 EPSS
Exploits 1 | References 1
CVE
added 2023/01/20 12:00 a.m., 61 views

CVE-2023-22912

CVE-2023-22912 affects MediaWiki releases prior to 1.35.9, 1.36.x up to 1.38.x before 1.38.5, and 1.39.x before 1.39.1. The CheckUser TokenManager uses AES-CTR with a repeated nonce, enabling an adversary to decrypt data. Impact is confidentiality of tokens, with network-based exposure and no exp...

5.3 CVSS | 5.1 AI score | 0.00107 EPSS
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2023/01/20 12:00 a.m., 5 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...

5.9 AI score | 0.00107 EPSS
Exploits 1 | References 1
OpenVAS
added 2022/12/23 12:00 a.m., 23 views

MediaWiki < 1.35.9, 1.38.0 < 1.38.5, 1.39.0 < 1.39.1 Information Disclosure Vulnerability - Linux

MediaWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS | 5.5 AI score | 0.00737 EPSS
Exploits 4 | References 5
Code423n4
added 2022/05/09 12:00 a.m., 5 views

Missing input validation for upper bound of values in TokenManager.sol functions

165 comment Warden: hubble Details Issue3 Title : Missing input validation for upper bound of values in TokenManager.sol functions Impact The below two state variables are defined as uint256, but they should never be more than 100% or a defined max value. uint256 equilibriumFee, uint256 maxFee...

6.8 AI score
Exploits 0
Code423n4
added 2022/03/03 12:00 a.m., 9 views

Centralisation Risk: TokenManager Gives Unnecessary Permissions to The Default Admin Through changeDepositBoxAddress() Which May Cause The Bridge to Get Stuck

Lines of code Vulnerability details Impact The function changeDepositBoxAddress allows the DEFAULTADMINROLE to change the depositBox associated with a TokenManager. If the newDepositBox is incorrectly set either accidentally or maliciously it will cause the bridge to become stuck. For example if ...

6.6 AI score
Exploits 0