GHSA-c9w5-qp6m-m395CriticalCVSS 9.8
Casdoor: GetTokenExchangeToken bypass through lack of cross-organization JWT signature check
🔗 CVE IDs covered (1)
📋 Description
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.
🎯 Affected products1
- go/github.com/casdoor/casdoor:< 2.387.0