Description
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.
Remediation
References
http://www.securityfocus.com/bid/103695
https://auth0.com/docs/security/bulletins/cve-2018-6873
Related Vulnerabilities
CVE-2022-23305 Vulnerability in maven package log4j:log4j
CVE-2019-10746 Vulnerability in npm package mixin-deep
CVE-2021-44878 Vulnerability in maven package org.pac4j:pac4j-core
CVE-2023-26486 Vulnerability in maven package org.webjars.bowergithub.vega:vega
CVE-2017-7678 Vulnerability in maven package org.apache.spark:spark-core_2.11