CVE-2024-2321

Name of the Vulnerable Software and Affected Versions WSO2 products (affected versions not specified)

Description An issue exists where protected APIs can be accessed directly using a refresh token instead of the expected access token, due to improper authorization checks and token mapping. This allows for unauthorized operations without the need for session cookies. Exploitation requires obtaining a valid refresh token of an admin user, potentially leading to prolonged unauthorized access to API resources and impacting data confidentiality and integrity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.