CVE-2022-29165

A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the Ar ...

Continue Reading

May 30, 2022

(RHSA-2022:4692) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...

Continue Reading

May 30, 2022

(RHSA-2022:4691) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...

Continue Reading

May 30, 2022

Authentication Bypass

pyjwt is vulnerable to authentication bypass. The library permits an attacker submitting a JWT token to choose which algorithms are used when signing in, enabling non-blocklisted, but weak public key ...

Continue Reading

May 30, 2022

CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

Continue Reading

May 30, 2022

Key confusion through non-blocklisted public key formats

### Impact _What kind of vulnerability is it? Who is impacted?_ Disclosed by Aapo Oksman (Senior Security Specialist, Nixu Corporation). > PyJWT supports multiple different JWT signing algorithms. ...

Continue Reading

May 30, 2022

1 184 185 186

Back to Main
Subscribe for the latest news: