all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845

Add to bookmarks
June 19, 2023, 3:15 p.m. | Ivanwallarm

Security Boulevard securityboulevard.com

This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows malicious API clients to bypass JWT authentication through crafty manipulation of the X-HTTP-Method-Override header under specific circumstances. The importance of this issue is highlighted [...]


The post GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845 appeared first on Wallarm.


The post GCP ESPv2 Hit with Critical API …

api api authorization api management api security authentication authentication bypass authorization bypass capabilities clients critical cve cyberattacks different attack types esp gcp google header http infrastructure jwt jwt authentication malicious management manipulation override proxy service under vulnerability

Visit resource

More from securityboulevard.com / Security Boulevard

IAM and Passkeys: 4 Steps Towards a Passwordless Future 4 hours ago | securityboulevard.com
access access management cybersecurity future +12
Post DBIR 2024: 7 Ways to Reduce Your Cyber Risk 6 hours ago | securityboulevard.com
balbix breaches critical cyber +14
Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks 9 hours ago | securityboulevard.com
blog corporate emerging infostealer +9
Reading the Mandiant M-Trends 2024 10 hours ago | securityboulevard.com
blog etc incidents live +9
Kaseya 365 Ushers in the Dawn of a New Era in IT & Security Management 11 hours ago | securityboulevard.com
amp automate backup ceo +17
Lawsuits After Ransomware on the Rise, Comparitech Says 14 hours ago | securityboulevard.com
attacks companies cost of data breach cyberlaw +24
How Do I Protect My AI Model? 14 hours ago | securityboulevard.com
ai model ai models assets mend +4
USENIX Security ’23 – Investigating Verification Behavior and Perceptions of Visual Digital Certificates 14 hours ago | securityboulevard.com
access authors certificates channel +16
Product Release: PreVeil 5.0 15 hours ago | securityboulevard.com
list page product product release +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs