CVE-2024-8901 - Critical Authentication Bypass in AWS ALB Route Directive Adapter for Istio (Kubeflow OIDC Risk)
---
Executive Summary
A newly disclosed vulnerability—CVE-2024-8901—impacts the AWS ALB Route Directive Adapter for Istio, an open source component previously integrated with Kubeflow.
CVE-2023-32188 - How NeuVector’s JWT Vulnerability Can Lead to RCE—A Deep Dive
CVE-2023-32188 is a critical vulnerability that surfaced in NeuVector, a popular container security platform. This bug revolves around how NeuVector handled JWT (JSON Web Token)
CVE-2024-5798 - How a JWT Audience Validation Bug in HashiCorp Vault Could Let Attackers In
Vault and Vault Enterprise are powerful tools for managing secrets and protecting sensitive data. Many organizations trust them for critical workloads. But in June 2024,
CVE-2024-35255 - Exploiting Elevation of Privilege in Azure Identity & Microsoft Authentication Library (MSAL)
Date: June 2024
Severity: High
Affected Components: Azure Identity Libraries, Microsoft Authentication Library (MSAL)
CVSS Score: 7.2 (High)
What is CVE-2024-35255?
On June 11,
CVE-2023-52428 - Crashing Apps With a Single JWT – A Deep Dive into Nimbus JOSE+JWT DoS Exploit
Connect2id Nimbus JOSE+JWT is a popular Java library for handling JSON Web Tokens (JWT) and encryption (JOSE). In January 2024, a significant vulnerability was