CRITICAL 9.8
GHSA-c9w5-qp6m-m395
Casdoor: GetTokenExchangeToken bypass through lack of cross-organization JWT signature check
Details
Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/casdoor/casdoor
Introduced in:
0 Fixed in: 2.387.0 Fix
go get github.com/casdoor/casdoor@v2.387.0