CWE-1259
6 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-1259
- CVE-2022-23541 | MEDIUM | CVSS 5.0 | EG 5.0 | 2022-12-22
jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the rea…
- CVE-2022-23551 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-12-21
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this …
- CVE-2024-36111 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-07-25
KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated …
- CVE-2024-36533 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-07-24
Insecure permissions in volcano v1.8.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
- CVE-2024-41948 | LOW | CVSS 3.0 | EG 3.0 | 2024-08-01
biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, …
- CVE-2024-45448 | MEDIUM | CVSS 4.1 | EG 4.1 | 2024-09-04
Page table protection configuration vulnerability in the trusted firmware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.