Lucene search
PRIOn knowledge basePRION:CVE-2020-26160HistorySep 30, 2020 - 6:15 p.m.
Design/Logic Flaw
2020-09-3018:15:00
PRIOn knowledge base
www.prio-n.com
10
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m[โaudโ] (which is allowed by the specification). Because the type assertion fails, โโ is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
Related
osv
osv
CVE-2020-26160
2020-09-30 18:15:27
CGA-6hxx-3pwx-j6mh
2024-06-21 16:22:55
Authorization bypass in github.com/dgrijalva/jwt-go
2021-04-14 20:04:52
github
github
Authorization bypass in github.com/dgrijalva/jwt-go
2021-05-18 21:08:21
cgr
cgr
CVE-2020-26160 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
veracode
veracode
Authorization Bypass
2020-09-30 00:55:36
debiancve
debiancve
CVE-2020-26160
2020-09-30 18:15:27
redhat
redhat
(RHSA-2021:0516) Moderate: Release of OpenShift Serverless 1.13.0 security update
2021-02-15 14:47:44
(RHSA-2021:5110) Moderate: Cryostat security update
2021-12-14 12:44:18
redhatcve
redhatcve
CVE-2020-26160
2020-09-30 22:37:10
cvelist
cvelist
CVE-2020-26160
2020-09-30 12:57:10
wolfi
wolfi
CVE-2020-26160 vulnerabilities
2024-07-05 21:08:40
ubuntucve
ubuntucve
CVE-2020-26160
2020-09-30 00:00:00
nvd
nvd
CVE-2020-26160
2020-09-30 18:15:27
alpinelinux
alpinelinux
CVE-2020-26160
2020-09-30 18:15:27
cve
cve
CVE-2020-26160
2020-09-30 18:15:27