Privilege Escalation in Auth0 Authentication Service: Unvalidated JWT Audience

CVE-2018-6873 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.
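What an unvalidated audience means for a relying service, as an added example that is not Auth0's code: a signature-only JWT check beside one that also requires the `aud` claim to name the receiving service. The key, audience URLs, token and function names are constructed for illustration, and expiry and other claim checks are left out to keep the focus on `aud`.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"            # constructed sample secret
REPORTS_API = "https://reports.example"  # hypothetical audience the token was issued for
ADMIN_API = "https://admin.example"      # hypothetical audience of a more privileged API

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes = KEY) -> str:
    """Mint an HS256 JWT (stands in for the identity provider)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_signature_only(token: str, key: bytes = KEY) -> dict:
    """Weak check: proves who issued the token, not which service it was issued for."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head)).get("alg")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        ok = alg == "HS256" and hmac.compare_digest(expected, _unb64(sig))
    except (ValueError, AttributeError):
        raise ValueError("malformed token") from None
    if not ok:
        raise ValueError("bad signature or algorithm")
    return json.loads(_unb64(body))

def verify_with_audience(token: str, expected_aud: str, key: bytes = KEY) -> dict:
    """Hardened check: the signature must verify and 'aud' must name this service."""
    claims = verify_signature_only(token, key)
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud   # RFC 7519: string or array
    if not isinstance(audiences, list) or expected_aud not in audiences:
        raise ValueError("audience mismatch")
    return claims

def accepted(check, *args) -> bool:
    try:
        check(*args)
        return True
    except ValueError:
        return False

TOKEN = issue({"sub": "user-1", "aud": REPORTS_API})  # constructed sample token
```

A service that calls only `verify_signature_only` accepts `TOKEN` regardless of which API it was minted for; `verify_with_audience(TOKEN, ADMIN_API)` rejects it.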