SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypas…

SciTokens C++ library prior to version 1.4.1 contains an authorization bypass vulnerability in path-based scope validation. The vulnerability stems from improper string-prefix comparison that doesn't require path-segment boundaries, allowing tokens scoped to one path to incorrectly authorize access to sibling paths with the same prefix. This could lead to unauthorized access to resources beyond the intended scope. The issue affects the enforcer component's validation logic and has been patched in version 1.4.1. Organizations using affected versions should upgrade immediately to prevent potential unauthorized access.