OpenSearch is vulnerable to authentication bypass. The vulnerability exists because the library does not properly handle whitespace in JWT roles, which allows users to potentially claim roles that the ...
January 27, 2023
We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: * Compatible with ...
January 26, 2023
### Impact All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) cla ...
January 26, 2023
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) For more ...
January 26, 2023
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) * ArgoCD ...
January 26, 2023
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * ArgoCD: JWT audience claim is not verified (CVE-2023-22482) For more ...
January 26, 2023
### Impact All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) cla ...
January 26, 2023
### Advisory title: Issue with whitespace in JWT roles ### Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 ### Patched versions: OpenSearch 1.3.8 and 2.5.0 ### Impact: OpenSearch uses JWTs t ...
January 25, 2023