PT-2025-9532 · Ietf · Ietf Oauth 2.0

Dr. Ralf Küsters

Publicado

2025-03-03

Atualizado

2025-03-07

CVE-2025-27371

CVSS v3.1

6.9

Média

Vetor

AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions IETF OAuth 2.0 versions (affected versions not specified)

Description The issue arises from ambiguities in the audience values of JSON Web Tokens (JWTs) sent to authorization servers when using the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism. This ambiguity is present in certain IETF OAuth 2.0-related specifications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-305CWE-863

Identificadores relacionados

CVE-2025-27371

Produtos afetados

Ietf Oauth 2.0

PT-2025-9532 · Ietf · Ietf Oauth 2.0

CVE-2025-27371

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11