exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2020-26160

Status Candidate

Overview

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

Related Files

Red Hat Security Advisory 2021-5110-05
Posted Dec 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5110-05 - The RHEL-8 based Cryostat container images have been updated with a security fix for "CVE-2020-26160 jwt-go: access restriction bypass vulnerability". Users of RHEL-8 based Cryostat container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Ecosystem Catalog. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-26160
SHA-256 | 63915501de1b49a02aa0b126d481b202a818dff802e0229badf455bffd50eaf3
Red Hat Security Advisory 2021-2438-01
Posted Jul 28, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion, and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-2183, CVE-2020-15106, CVE-2020-15112, CVE-2020-15113, CVE-2020-15114, CVE-2020-15136, CVE-2020-26160, CVE-2020-26541, CVE-2020-28469, CVE-2020-28500, CVE-2020-28852, CVE-2020-7774, CVE-2021-20206, CVE-2021-20271, CVE-2021-20291, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22133, CVE-2021-23337, CVE-2021-23362, CVE-2021-23368, CVE-2021-23382, CVE-2021-25735
SHA-256 | 44f1588b77c38919a903c4dffe0b5b58cf96f91a447694471f228851a5f89f6d
Red Hat Security Advisory 2021-2042-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2042-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2020-26160, CVE-2020-28362
SHA-256 | 6858bb11955afee12454177dcc17e6949bace388b5e14d7e8536160ded85002a
Red Hat Security Advisory 2021-2041-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2041-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-25678, CVE-2020-26160, CVE-2020-26289, CVE-2020-28362, CVE-2020-7608, CVE-2020-7774, CVE-2020-8565, CVE-2021-20305, CVE-2021-3114, CVE-2021-3139, CVE-2021-3449, CVE-2021-3450, CVE-2021-3528
SHA-256 | 207485ff1991adec31c517e8d791b7e6d4e2eb37215ab5caba07707d934fa380
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close