VDB
KO
CRITICAL 9.8

GHSA-c9w5-qp6m-m395

Casdoor: GetTokenExchangeToken bypass through lack of cross-organization JWT signature check

Details

Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/casdoor/casdoor
Introduced in: 0 Fixed in: 2.387.0
Fix go get github.com/casdoor/casdoor@v2.387.0

References