opensearch is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly handle white spaces in JWT roles which allow users to potentially claim roles that the ...
Continue Reading
January 27, 2023
We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: * Compatible with ...
Continue Reading
January 26, 2023
### Impact All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) cla ...
Continue Reading
January 26, 2023
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) For more ...
Continue Reading
January 26, 2023
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) * ArgoCD ...
Continue Reading
January 26, 2023
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) For more ...
Continue Reading
January 26, 2023
### Impact All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) cla ...
Continue Reading
January 26, 2023
### Advisory title: Issue with whitespace in JWT roles ### Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 ### Patched versions: OpenSearch 1.3.8 and 2.5.0 ### Impact: OpenSearch uses JWTs t ...
Continue Reading
January 25, 2023
Back to Main
