CVE-2023-36820

Summary

CVE-2023-36820 is a vulnerability in Micronaut Security, affecting versions prior to 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.The vulnerability allows the `aud` claim validation to be skipped if the token is issued by the same identity issuer/provider in an OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token authentication is not meant to be shared.The issue has been patched in the mentioned versions of Micronaut Security.There is a medium risk associated with this vulnerability and it has a CVSS score of 6.5.It falls under CWE-284 (Improper Access Control) and poses a potential danger to organizations using affected versions of Micronaut Security as it could allow unauthorized access and compromise the confidentiality and integrity of data.It does not require any privileges or user interaction for exploitation and can be exploited over a network connection.The availability impact is considered none.A total of 71 hits have been recorded for this vulnerability so far

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.