From f2a70ab36466861dc469de0ddb87a2df0af421a2 Mon Sep 17 00:00:00 2001
From: Warren Postdam <39105880+p0sql@users.noreply.github.com>
Date: Thu, 7 May 2026 02:30:52 +0200
Subject: [PATCH] Improve GHSA-q7c8-gfjh-8v4p
---
 .../GHSA-q7c8-gfjh-8v4p.json | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/advisories/unreviewed/2026/01/GHSA-q7c8-gfjh-8v4p/GHSA-q7c8-gfjh-8v4p.json b/advisories/unreviewed/2026/01/GHSA-q7c8-gfjh-8v4p/GHSA-q7c8-gfjh-8v4p.json
index 1ec19cf08290a..11d5e54702bdf 100644
--- a/advisories/unreviewed/2026/01/GHSA-q7c8-gfjh-8v4p/GHSA-q7c8-gfjh-8v4p.json
+++ b/advisories/unreviewed/2026/01/GHSA-q7c8-gfjh-8v4p/GHSA-q7c8-gfjh-8v4p.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-q7c8-gfjh-8v4p",
-"modified": "2026-01-23T21:30:43Z",
+"modified": "2026-01-23T21:31:50Z",
 "published": "2026-01-23T18:31:28Z",
 "aliases": [
 "CVE-2025-66719"
 ],
+"summary": "GHSA-q7c8-gfjh-8v4p",
 "details": "An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.",
 "severity": [
 {
@@ -13,12 +14,33 @@
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "Go",
+"name": ""
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66719"
 },
+{
+"type": "WEB",
+"url": "https://github.com/free5gc/free5gc/issues/733"
+},
 {
 "type": "WEB",
 "url": "https://github.com/free5gc/free5gc/issues/736"
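Review bot: The added `"summary"` in the first hunk only repeats the advisory id, so consumers that display the summary (OSV mirrors, dependency scanners, notification e-mails) will show "GHSA-q7c8-gfjh-8v4p" instead of what the weakness is. The `"details"` field already contains the facts needed for a one-line title, so something like `"summary": "free5GC NRF AccessTokenScopeCheck() bypass lets a crafted targetNF obtain an access token with arbitrary scope"` would be both accurate and useful. If the placeholder is intentional because the advisory is still in the unreviewed tree, a summary derived from details is still the safer default than echoing the id.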
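Review bot: The new `"affected"` entry in the second hunk has `"name": ""`, so the package is not identifiable and no Go vulnerability tooling can match it against a go.mod; the entry is effectively still empty, which is the state the commit set out to fix. The details field names the NRF component and the path internal/sbi/processor/access_token.go, so the module path is presumably `github.com/free5gc/nrf` — confirm against that repository's go.mod before filling it in, e.g. `"name": "github.com/free5gc/nrf"`. Separately, the range carries only `"introduced": "0"` with no `"fixed"` or `"last_affected"` event, which marks every version as vulnerable, while details speaks of NRF 1.4.0; if the issue references (733, 736) identify a fixed release, add the corresponding `"fixed"` event so the range stops being unbounded.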