Biscuitsec Biscuit-Auth vulnerabilities

CVE-2024-41949 [MEDIUM] CWE-269 CVE-2024-41949: biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for mi biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to

CVE-2022-31053 [CRITICAL] CWE-347 CVE-2022-31053: Biscuit is an authentication and authorization token for microservices architectures. The Biscuit sp Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different a