GHSA-c9w5-qp6m-m395CriticalCVSS 9.8

Casdoor: GetTokenExchangeToken bypass through lack of cross-organization JWT signature check

Published
May 28, 2026
Last Modified
July 9, 2026

🔗 CVE IDs covered (1)

📋 Description

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.

🎯 Affected products1

  • go/github.com/casdoor/casdoor:< 2.387.0

🔗 References (4)