VDB
KO

GO-2026-5544

opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension

Details

opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension
Introduced in: 0.124.0

No fixed version published yet for github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (go modules). Pin to a known-safe version or switch to an alternative.

References