This vulnerability exists in Meon KYC solutions due to...
        
  High severity
        
          Unreviewed
      
        Published
          Apr 23, 2025 
          to the GitHub Advisory Database
          •
          Updated Apr 23, 2025 
      
  
Description
        Published by the National Vulnerability Database
      Apr 23, 2025 
    
  
        Published to the GitHub Advisory Database
      Apr 23, 2025 
    
  
        Last updated
      Apr 23, 2025 
    
  
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to unauthorized access of other user accounts.
References