Description

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.

Remediation

References

Related Vulnerabilities