Back to bug 2129744
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2022-09-26 08:46:00 UTC | Depends On | 2129745 | |
| TEJ RATHI | 2022-09-26 08:46:54 UTC | CC | amctagga, aoconnor, bniver, eglynn, flucifre, gmeno, jjoyce, lhh, mbenjamin, mburns, mgarciac, mhackett, oalbrigt, sostapov, spower, vereddy | |
| TEJ RATHI | 2022-09-26 08:47:27 UTC | Blocks | 2129746 | |
| Sandipan Roy | 2022-09-26 08:59:39 UTC | Severity | urgent | high |
| Priority | urgent | high | ||
| Anten Skrabec | 2022-10-06 19:00:50 UTC | Depends On | 2132810, 2132811, 2132812 | |
| Jon Schlueter | 2022-10-07 11:51:01 UTC | Flags | needinfo?(trathi) | |
| CC | jschluet | |||
| Sandipan Roy | 2022-10-07 13:11:31 UTC | Flags | needinfo?(trathi) | |
| Sandipan Roy | 2022-10-13 07:19:45 UTC | Doc Text | python-jwt was subject to Authentication Bypass vulnerability by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. | |
| RaTasha Tillery-Smith | 2022-10-13 12:33:21 UTC | Doc Text | python-jwt was subject to Authentication Bypass vulnerability by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. | A flaw was found in python-jwt, where it was subject to Authentication Bypass vulnerability by spoofing, resulting in identity spoofing, session hijacking, or authentication bypass. This flaw allows an attacker who obtains a JWT to arbitrarily forge its contents without knowing the secret key. Depending on the application, the attacker can spoof other users' identities, hijack their sessions, or bypass authentication. |
| Red Hat Bugzilla | 2023-01-01 05:32:35 UTC | CC | amctagga | |
| Red Hat Bugzilla | 2023-01-01 05:47:03 UTC | CC | flucifre | |
| Red Hat Bugzilla | 2023-01-01 05:52:40 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-01-01 06:02:02 UTC | CC | bniver | |
| Red Hat Bugzilla | 2023-01-01 08:34:07 UTC | CC | mbenjamin | |
| Red Hat Bugzilla | 2023-01-01 08:43:06 UTC | CC | sostapov | |
| Red Hat Bugzilla | 2023-01-01 08:47:39 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 05:43:50 UTC | CC | sostapov | |
| Alasdair Kergon | 2023-01-04 06:11:25 UTC | CC | bniver | |
| Alasdair Kergon | 2023-01-04 06:19:28 UTC | CC | mbenjamin | |
| Alasdair Kergon | 2023-01-04 06:43:51 UTC | CC | flucifre | |
| Alasdair Kergon | 2023-01-04 06:59:12 UTC | CC | vereddy | |
| Alasdair Kergon | 2023-01-04 11:29:24 UTC | CC | mhackett | |
| Red Hat Bugzilla | 2023-07-07 08:32:18 UTC | Assignee | security-response-team | nobody |
Back to bug 2129744