
Padding Oracle Vulnerability in OopsSec Store Share Feature Enables Token Forgery
Tags: padding-oracle, vulnerability, OopsSec-Store, AES-CBC, encryption, PKCS7, token-forgery, unauthorized-access, security-flaw
A padding oracle vulnerability in the share feature of OopsSec Store lets an attacker learn whether a submitted share token decrypts to valid PKCS#7 padding. Because the platform's AES-CBC implementation reports padding failures through distinguishable error responses, this decryption oracle can be used to forge encrypted share tokens, gaining access to internal reports and retrieving sensitive data, referred to in the disclosure as "the flag." No CVE ID, dates, or additional technical metrics were provided in the disclosure. The impact is unauthorized access to restricted internal content via manipulated tokens.
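As an added illustration (not code from the disclosure or from the OopsSec Store project), the following Python shows the vulnerable pattern beside its fix: a PKCS#7 unpad whose distinct error is the oracle, and an encrypt-then-MAC token check that authenticates IV and ciphertext before any decryption, so padding validity is never observable for a tampered token. Function names, the token layout and the key are assumptions; AES decryption itself is left to the caller.

```python
# Added example, not the OopsSec Store code. Demonstrates why the padding check
# must never be reachable with unauthenticated ciphertext.
import hmac
import hashlib

BLOCK = 16      # AES block size in bytes
TAG_LEN = 32    # HMAC-SHA256 output length


class PaddingError(Exception):
    """Vulnerable pattern: a distinct error type. If the HTTP layer maps this to a
    different response than a generic 'bad token' error, it becomes the oracle."""


def unpad_pkcs7(data: bytes) -> bytes:
    """Strip PKCS#7 padding; raises PaddingError on any malformed padding."""
    if not data or len(data) % BLOCK:
        raise PaddingError("length not a multiple of the block size")
    n = data[-1]
    if n == 0 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding bytes")
    return data[:-n]


def padding_is_valid(data: bytes) -> bool:
    """The single bit the vulnerable share endpoint leaks per request."""
    try:
        unpad_pkcs7(data)
        return True
    except PaddingError:
        return False


def mint_share_token(iv_and_ct: bytes, mac_key: bytes) -> bytes:
    """Hardened: encrypt-then-MAC. Tag covers IV||ciphertext (layout assumed)."""
    tag = hmac.new(mac_key, iv_and_ct, hashlib.sha256).digest()
    return iv_and_ct + tag


def open_share_token(token: bytes, mac_key: bytes):
    """Return IV||ciphertext only if the tag verifies, else None.
    Every failure path yields the same result before decryption is attempted,
    so the padding check above is only ever run on ciphertext the server made."""
    if len(token) < 2 * BLOCK + TAG_LEN:        # IV + >=1 block + tag
        return None
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return body                                  # caller decrypts, then unpads
```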