CVE-2024-40430 Information

Description

In SFTPGO 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms.

Reference

https://alexsecurity.rocks/posts/cve-2024-40430/