Lucene search

[email protected]CVE-2022-34155

HistoryJul 18, 2023 - 2:15 p.m.

CVE-2022-34155

2023-07-1814:15:12

CWE-287

[email protected]

web.nvd.nist.gov

2326

cve-2022-34155

improper authentication

miniorange

oauth

single sign on

sso

oauth client

authentication bypass

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

JSON

Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.

Affected configurations

Vulners

NVD

Node

miniorangeoauth_single_sign_onRange≤6.23.3

VendorProductVersionCPE
miniorangeoauth_single_sign_on*cpe:2.3:a:miniorange:oauth_single_sign_on:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
miniorange	oauth_single_sign_on	*	cpe:2.3:a:miniorange:oauth_single_sign_on::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "miniorange-login-with-eve-online-google-facebook",
    "product": "OAuth Single Sign On – SSO (OAuth Client)",
    "vendor": "miniOrange",
    "versions": [
      {
        "changes": [
          {
            "at": "6.23.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.23.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

lana.codes/lanavdb/071fa6eb-2e54-43a1-b37f-1e562988b7d4?_s_id=cve

patchstack.com/database/vulnerability/miniorange-login-with-eve-online-google-facebook/wordpress-oauth-single-sign-on-sso-oauth-client-plugin-6-23-3-broken-authentication-vulnerability?_s_id=cve