Ory

Oathkeeper

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-33496

  • EPSS 0.16%
  • Veröffentlicht 26.03.2026 17:29:41
  • Zuletzt bearbeitet 07.04.2026 21:15:26

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_...

6.5

CVE-2026-33495

  • EPSS 0.04%
  • Veröffentlicht 26.03.2026 17:26:29
  • Zuletzt bearbeitet 02.04.2026 21:01:07

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on...

10

CVE-2026-33494

  • EPSS 0.08%
  • Veröffentlicht 26.03.2026 17:23:33
  • Zuletzt bearbeitet 07.04.2026 21:15:14

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker ca...

7.5

CVE-2021-32701

  • EPSS 0.31%
  • Veröffentlicht 22.06.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:33

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with th...