Samin061 opened a new pull request, #69948:
URL: https://github.com/apache/airflow/pull/69948

   `_decode_and_validate_azure_jwt` and `_validate_jwt` in the FAB security 
manager decode the OAuth id_token with authlib and call `claims.validate()` 
without passing `claims_options`, and authlib's `validate_aud` returns early 
when no `aud` option is supplied, so the audience is never checked against our 
own `client_id`. For azure the keyset comes from `MICROSOFT_KEY_SET_URL`, the 
`/common/` multi-tenant JWKS, so an id_token minted in any attacker-registered 
Azure AD tenant carries a signature that verifies, and `get_oauth_user_info` 
then takes `username` from `oid` and `role_keys` from the token's own `roles` 
claim, which the attacker controls in their own app registration; on the 
authentik path the issuer is pinned by the configured `jwks_uri`, but a token 
issued to any other client of the same instance is still accepted. Pin the 
expected audience to the configured `client_id` at both decode sites so a token 
that was not issued to this deployment is rejected.
   
   ---
   
   ##### Was generative AI tooling used to co-author this PR?
   
   <!--
   If generative AI tooling has been used in the process of authoring this PR, 
please
   change below checkbox to `[X]` followed by the name of the tool, uncomment 
the "Generated-by".
   -->
   
   - [ ] Yes (please specify the tool below)
   
   <!--
   Generated-by: [Tool Name] following [the 
guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions)
   -->
   
   ---


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to