-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
GoGoMiggo AIRoot Cause AnalysisThe vulnerability stems from insufficient expiration checks in token validation. The patch adds JWT claims validation using jwt-go's Claims.Valid() which checks expiration. The original implementation in ValidateAccessToken only verified signatures and unmarshalled claims without expiration validation. The commit diff shows the addition of JWT parsing and claims validation where none existed before, directly addressing CWE-298 and CWE-613. Test cases added in resource_server_test.go validate expiration checks, confirming the missing validation was the root cause.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/flyteorg/flyteadmin | go | < 1.1.31 | 1.1.31 |
KEV Misses 88% of Exploited CVEs- Get the report