VYPR
Unrated severityNVD Advisory· Published Sep 27, 2023· Updated Sep 24, 2024

Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check

CVE-2023-0456

Description

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.