Lucene search

[email protected]CVE-2019-8400

HistoryFeb 17, 2019 - 6:29 a.m.

CVE-2019-8400

2019-02-1706:29:00

CWE-79

[email protected]

web.nvd.nist.gov

ory hydra

v1.0.0-rc.3

xss

oauth2

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.

Affected configurations

NVD

Node

oryhydraMatch0.1beta1

oryhydraMatch0.1beta2

oryhydraMatch0.1beta3

oryhydraMatch0.1beta4

oryhydraMatch0.2.0

oryhydraMatch0.3.0

oryhydraMatch0.3.1

oryhydraMatch0.4.0

oryhydraMatch0.4.1

oryhydraMatch0.4.2

oryhydraMatch0.4.2alpha

oryhydraMatch0.4.2alpha1

oryhydraMatch0.4.2alpha2

oryhydraMatch0.4.2alpha3

oryhydraMatch0.4.2alpha4

oryhydraMatch0.4.3

oryhydraMatch0.5.0

oryhydraMatch0.5.1

oryhydraMatch0.5.2

oryhydraMatch0.5.3

oryhydraMatch0.5.4

oryhydraMatch0.5.5

oryhydraMatch0.5.6

oryhydraMatch0.5.7

oryhydraMatch0.5.8

oryhydraMatch0.6.0

oryhydraMatch0.6.1

oryhydraMatch0.6.2

oryhydraMatch0.6.3

oryhydraMatch0.6.4

oryhydraMatch0.6.5

oryhydraMatch0.6.6

oryhydraMatch0.6.7

oryhydraMatch0.6.8

oryhydraMatch0.6.9

oryhydraMatch0.6.10

oryhydraMatch0.7.0

oryhydraMatch0.7.1

oryhydraMatch0.7.2

oryhydraMatch0.7.3

oryhydraMatch0.7.4

oryhydraMatch0.7.5

oryhydraMatch0.7.6

oryhydraMatch0.7.7

oryhydraMatch0.7.8

oryhydraMatch0.7.9

oryhydraMatch0.7.10

oryhydraMatch0.7.11

oryhydraMatch0.7.12

oryhydraMatch0.7.13

oryhydraMatch0.8.0

oryhydraMatch0.8.1

oryhydraMatch0.8.2

oryhydraMatch0.8.3

oryhydraMatch0.8.4

oryhydraMatch0.8.5

oryhydraMatch0.8.6

oryhydraMatch0.8.7

oryhydraMatch0.9.0

oryhydraMatch0.9.1

oryhydraMatch0.9.2

oryhydraMatch0.9.3

oryhydraMatch0.9.4

oryhydraMatch0.9.5

oryhydraMatch0.9.6

oryhydraMatch0.9.7

oryhydraMatch0.9.8

oryhydraMatch0.9.9

oryhydraMatch0.9.10

oryhydraMatch0.9.11

oryhydraMatch0.9.12

oryhydraMatch0.9.13

oryhydraMatch0.9.14

oryhydraMatch0.9.15

oryhydraMatch0.9.16

oryhydraMatch0.10.0

oryhydraMatch0.10.0alpha1

oryhydraMatch0.10.0alpha10

oryhydraMatch0.10.0alpha11

oryhydraMatch0.10.0alpha12

oryhydraMatch0.10.0alpha13

oryhydraMatch0.10.0alpha14

oryhydraMatch0.10.0alpha15

oryhydraMatch0.10.0alpha16

oryhydraMatch0.10.0alpha17

oryhydraMatch0.10.0alpha18

oryhydraMatch0.10.0alpha19

oryhydraMatch0.10.0alpha2

oryhydraMatch0.10.0alpha20

oryhydraMatch0.10.0alpha21

oryhydraMatch0.10.0alpha3

oryhydraMatch0.10.0alpha4

oryhydraMatch0.10.0alpha5

oryhydraMatch0.10.0alpha6

oryhydraMatch0.10.0alpha7

oryhydraMatch0.10.0alpha8

oryhydraMatch0.10.0alpha9

oryhydraMatch0.10.1

oryhydraMatch0.10.2

oryhydraMatch0.10.3

oryhydraMatch0.10.4

oryhydraMatch0.10.5

oryhydraMatch0.10.6

oryhydraMatch0.10.7

oryhydraMatch0.10.8

oryhydraMatch0.10.9

oryhydraMatch0.10.10

oryhydraMatch0.11.0

oryhydraMatch0.11.1

oryhydraMatch0.11.2

oryhydraMatch0.11.3

oryhydraMatch0.11.4

oryhydraMatch0.11.6

oryhydraMatch0.11.7

oryhydraMatch0.11.9

oryhydraMatch0.11.10

oryhydraMatch0.11.12

oryhydraMatch0.11.14

oryhydraMatch1.0.0beta1

oryhydraMatch1.0.0beta2

oryhydraMatch1.0.0beta3

oryhydraMatch1.0.0beta4

oryhydraMatch1.0.0beta5

oryhydraMatch1.0.0beta6

oryhydraMatch1.0.0beta7

oryhydraMatch1.0.0beta8

oryhydraMatch1.0.0beta9

oryhydraMatch1.0.0rc1

oryhydraMatch1.0.0rc2

CPENameOperatorVersion
ory:hydraory hydraeq0.1
ory:hydraory hydraeq0.2.0
ory:hydraory hydraeq0.3.0
ory:hydraory hydraeq0.3.1
ory:hydraory hydraeq0.4.0
ory:hydraory hydraeq0.4.1
ory:hydraory hydraeq0.4.2
ory:hydraory hydraeq0.4.3
ory:hydraory hydraeq0.5.0
ory:hydraory hydraeq0.5.1

CPE	Name	Operator	Version
ory:hydra	ory hydra	eq	0.1
ory:hydra	ory hydra	eq	0.2.0
ory:hydra	ory hydra	eq	0.3.0
ory:hydra	ory hydra	eq	0.3.1
ory:hydra	ory hydra	eq	0.4.0
ory:hydra	ory hydra	eq	0.4.1
ory:hydra	ory hydra	eq	0.4.2
ory:hydra	ory hydra	eq	0.4.3
ory:hydra	ory hydra	eq	0.5.0
ory:hydra	ory hydra	eq	0.5.1

Rows per page:

1-10 of 901

References

drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk

github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06

github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3

hackerone.com/reports/456333

www.youtube.com/watch?v=RIyZLeKEC8E

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for CVE-2019-8400

veracode1 nvd1 prion1 osv1 cvelist1