This post examines a high-impact JWT authentication bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. The vulnerability allows malicious API clients to bypass JWT authentication by manipulating the X-HTTP-Method-Override header under specific circumstances. The importance of this issue is highlighted […]
The post GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845 appeared first on Wallarm.
The post GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845 appeared first on Security Boulevard.