jwt-go is a dependency shipped with IBM Netcool Operations Insight Event Integrations Operator. Information about the security vulnerability affecting jwt-go has been published. (CVE-2020-26160)
CVEID:CVE-2020-26160
**DESCRIPTION:**jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[โaudโ] happens to be []string{}. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189408 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Netcool Operations Insight Event Integrations Operator | 1.0.0 up to 1.1.0 |
Product(s) | Version(s) |
---|---|
IBM Netcool Operations Insight Event Integrations Operator | 1.2.0 |
You can download this package from the IBM Passport Advantage website: |
www.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm
To obtain this new package, use the Find by part number field to search for part number:CC8YGML
None
CPE | Name | Operator | Version |
---|---|---|---|
netcool operations insight | eq | 1.6. |