Authentication Bypass

opensearch is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly handle white spaces in JWT roles which allow users to potentially claim roles that the ...

Continue Reading
Spring Cloud Azure 5.0 is now Generally Available

We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: * Compatible with ...

Continue Reading
JWT audience claim is not verified

### Impact All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) cla ...

Continue Reading
(RHSA-2023:0466) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) For more ...

Continue Reading

CVSS3 - CRITICAL

(RHSA-2023:0467) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) * ArgoCD ...

Continue Reading

CVSS3 - CRITICAL

(RHSA-2023:0468) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) For more ...

Continue Reading

CVSS3 - CRITICAL

JWT audience claim is not verified

### Impact All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) cla ...

Continue Reading
Issue with whitespace in JWT roles in OpenSearch

### Advisory title: Issue with whitespace in JWT roles ### Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 ### Patched versions: OpenSearch 1.3.8 and 2.5.0 ### Impact: OpenSearch uses JWTs t ...

Continue Reading

Back to Main

Subscribe for the latest news:
Generated by Feedzy