CVE-2023-40545

Name of the Vulnerable Software and Affected Versions SoftwareX version 11.3

Description The issue is related to authentication bypass when an OAuth2 Client uses client secret jwt as its authentication method. This can be exploited via specially crafted requests.

Recommendations For version 11.3, consider disabling the use of client secret jwt as an authentication method until a patch is available. Restrict access to the OAuth2 Client to minimize the risk of exploitation. Avoid using specially crafted requests in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.