HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1 ...
Continue Reading
September 22, 2022
jwcrypto is vulnerable to authorization bypass. The vulnerability is due to JWT auto-detecting the token type; under certain circumstances, it's possible to substitute a signed JWS token with a JWE to ...
Continue Reading
September 22, 2022
### Impact An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's ...
Continue Reading
September 21, 2022
### Impact An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's ...
Continue Reading
September 21, 2022
The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we rece ...
Continue Reading
September 21, 2022
The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we rece ...
Continue Reading
September 21, 2022
[
Back to Main
