CVE-2023-36820

CVSS Score of 10 (low)

Details

Published Oct 9, 2023
Updated: Oct 13, 2023
CWE ID 284

Summary

CVE-2023-36820 is a vulnerability in Micronaut Security, affecting versions prior to 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.The vulnerability allows the `aud` claim validation to be skipped if the token is issued by the same identity issuer/provider in an OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token authentication is not meant to be shared.The issue has been patched in the mentioned versions of Micronaut Security.There is a medium risk associated with this vulnerability and it has a CVSS score of 6.5.It falls under CWE-284 (Improper Access Control) and poses a potential danger to organizations using affected versions of Micronaut Security as it could allow unauthorized access and compromise the confidentiality and integrity of data.It does not require any privileges or user interaction for exploitation and can be exploited over a network connection.The availability impact is considered none.A total of 71 hits have been recorded for this vulnerability so far

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-36820 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options