PT-2025-24399 · Red Hat · Red Hat Connectivity Link

Published: 2025-06-09 · Updated: 2025-06-10 · CVE-2025-25207

CVSS v3.1: 5.7
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Red Hat Connectivity Link (affected versions not specified)

Description:

The issue concerns the Authorino service in Red Hat Connectivity Link, which is responsible for zero trust API security. Authorino allows users with a developer persona to add callbacks that are executed at HTTP endpoints after the authorization process is completed. An attacker with developer persona access can exploit this by adding a large number of callbacks, leading to a Denial of Service in Authorino as it processes the post-authorization callbacks.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-25207
GHSA-R8XR-PGV5-GXW3
GO-2025-3746

Affected Products

Red Hat Connectivity Link