Back to bug 2163586
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Paramvir jindal | 2023-01-24 00:37:39 UTC | CC | security-response-team | |
| Paramvir jindal | 2023-01-24 01:08:51 UTC | Summary | EMBARGOED APICast: APICast proxies the API call with incorrect JWT token to the API backend without proper authorization check | APICast: APICast proxies the API call with incorrect JWT token to the API backend without proper authorization check |
| Group | security, qe_staff | |||
| Sandipan Roy | 2023-01-24 03:32:47 UTC | Alias | CVE-2023-0456 | |
| Summary | APICast: APICast proxies the API call with incorrect JWT token to the API backend without proper authorization check | CVE-2023-0456 APICast: APICast proxies the API call with incorrect JWT token to the API backend without proper authorization check | ||
| Chess Hazlett | 2023-03-15 20:35:16 UTC | Doc Text | 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow the separae realm to be accessible by the attacker, and could permit access to unauthorized information. | |
| Paige Jung | 2023-03-15 21:13:07 UTC | Doc Text | 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow the separae realm to be accessible by the attacker, and could permit access to unauthorized information. | A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. |
| m3dsec | 2023-06-09 21:56:10 UTC | CC | m3d5ec | |
| Red Hat Bugzilla | 2023-07-07 08:34:55 UTC | CC | security-response-team | |
| Assignee | security-response-team | nobody |
Back to bug 2163586