Displaying 2 results from an estimated 2 matches for "xuanwu".
2021 Jun 21
CVE-2021-29157: oauth2 JWT local validation path traversal
...t confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification: 2021-03-22
Solution date: 2021-04-14
Public disclosure: 2021-06-21
CVE reference: CVE-2021-29157
CVSS: 6.7 (CVSS3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Researcher credit: Kirin of Tencent Security Xuanwu Lab
Vulnerability Details:
Dovecot does not correctly escape the kid and azp fields in JWT tokens. In some configurations, this may be used to supply attacker-controlled keys to validate tokens. This requires the attacker to be able to write files to local disk.
Risk:
Local attacker can login as any use...