CWE-1270
5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-1270
- CVE-2022-31122 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-10-18
Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on th…
- CVE-2023-22644 | MEDIUM | CVSS 5.5 | EG 3.8 | 2023-09-20
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- CVE-2023-2882 | CRITICAL | CVSS 9.8 | EG 9.9 | 2023-05-25
Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
- CVE-2023-30524 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-04-12
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
- CVE-2023-32188 | CRITICAL | CVSS 9.4 | EG 0.0 | 2024-10-16
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.