JSON Web Token - API Security Blog

CVE-2022-29165

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2 ...

June 23, 2022

GitHub Security Lab: Golang : Hardcoded secret used for signing JWT

This bug was reported directly to GitHub Security Lab.Read More ...

June 15, 2022

Authentication Bypass by Spoofing

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2 ...

June 09, 2022

Authentication Bypass by Spoofing

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2 ...

June 09, 2022

PYSEC-2022-202

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

June 07, 2022

[SECURITY] Fedora 35 Update: python-jwt-2.4.0-1.fc35

A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties enco ...

June 01, 2022

Apache APISIX < 2.13.1 Information Disclosure

The version of Apache APISIX installed on the remote host is prior to 2.13.1. It is, therefore, potentially affected by an information disclosure vulnerability because the jwt-auth plugin has a securi ...

June 01, 2022

Improper Access Control

github.com/awake1t/linglong is vulnerable to access control bypass. The vulnerability exists in the `jwt.go` due to the hard coded jwt token which allows an attacker to craft a malicious cookie and ga ...

June 01, 2022