CVE-2024-8642 - Eclipse Dataspace Components HTTP Token Expiration Bypass

2 months ago 34
ARTICLE AD BOX
CVE ID : CVE-2024-8642
Published : Sept. 11, 2024, 2:15 p.m. | 24 minutes ago
Description : In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article