CVE-2023-51774

HIGH Year: 2023
CVSS v3 Score
8.4
High
Weakness Type
CWE-284
View all →

Vulnerability Description

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

Related Vulnerabilities

CVE-2016-0392

HIGH
CVSS:8.4(High)

IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Sc...

CWE-2842016

CVE-2016-4383

HIGH
CVSS:8.4(High)

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified imag...

CWE-2842016

CVE-2016-9976

HIGH
CVSS:8.4(High)

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to ...

CWE-2842016

CVE-2021-33162

HIGH
CVSS:8.4(High)

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege vi...

CWE-2842021

CVE-2022-4724

HIGH
CVSS:8.4(High)

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CWE-2842022

CVE-2023-22014

HIGH
CVSS:8.4(High)

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows...

CWE-2842023