Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Rated low severity (CVSS 3.6). No vendor patch available.
Authentication Bypass
Temporal
NVD
GitHub
CVSS 3.1
3.6
EPSS
0.2%