An unauthenticated attacker can obtain arbitrary permissions within the application under certain conditions.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-2400" }
{ "imports": [ { "symbols": [ "Middleware.Authenticate", "Middleware.AuthenticateWithProofOfPossession", "matchesDomain" ], "path": "github.com/sap/cloud-security-client-go/auth" }, { "symbols": [ "NewOIDCTenant", "OIDCTenant.GetJWKs", "OIDCTenant.getJWKsFromServer", "OIDCTenant.performDiscovery" ], "path": "github.com/sap/cloud-security-client-go/oidcclient" }, { "symbols": [ "TokenFlows.ClientCredentials" ], "path": "github.com/sap/cloud-security-client-go/tokenclient" } ] }