{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T08:36:04.056","vulnerabilities":[{"cve":{"id":"CVE-2023-36820","sourceIdentifier":"security-advisories@github.com","published":"2023-10-09T14:15:10.640","lastModified":"2024-11-21T08:10:40.067","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.\n"},{"lang":"es","value":"Micronaut Security es una solución de seguridad para aplicaciones. Antes de las versiones 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2 y 3.11.1, IdTokenClaimsValidator omite Validación de reclamo `aud` si el token es emitido por el mismo emisor/proveedor de identidad. Cualquier configuración de OIDC que utilice Micronaut en la que existan varias aplicaciones OIDC para el mismo emisor, pero la autenticación de token no debe compartirse. Este problema se solucionó en las versiones 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2 y 3.11. 1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.2","matchCriteriaId":"670F1AC9-632E-4D47-9492-9BAC0084BE0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.4","matchCriteriaId":"813AFD3C-E241-4376-AAF7-C4B276055121"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.2","matchCriteriaId":"9626C2B1-79E6-4908-9ADF-E520DFC3402C"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.3","matchCriteriaId":"FBCDEED9-3639-4D90-9808-F27F9E2FB02B"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.3","matchCriteriaId":"FDC29054-500C-4B79-BDD5-B48D989D02E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.6","matchCriteriaId":"EA9D354C-1D89-4B68-AF7C-D712F0A1A8AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.4","matchCriteriaId":"9AE52168-0CAF-4BF7-B88B-AF79149F6919"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.4","matchCriteriaId":"71B1B0A7-CCA3-4199-BC32-37C1138C6BF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.6","matchCriteriaId":"AA7B0DE4-ACD6-47AC-8059-9D9B97876B68"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.0","versionEndExcluding":"3.10.2","matchCriteriaId":"4476038E-A854-4946-9CBF-42E2253B17D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:objectcomputing:micronaut_security:3.11.0:*:*:*:*:*:*:*","matchCriteriaId":"15398E49-FF87-4B88-B9B3-B326709E26AD"}]}]}],"references":[{"url":"https://github.com/micronaut-projects/micronaut-security/commit/9728b925221a0d87798ccf250657a3c214b7e980","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/micronaut-projects/micronaut-security/security/advisories/GHSA-qw22-8w9r-864h","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://github.com/micronaut-projects/micronaut-security/commit/9728b925221a0d87798ccf250657a3c214b7e980","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/micronaut-projects/micronaut-security/security/advisories/GHSA-qw22-8w9r-864h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]}]}}]}