GitHub Advisory Database: GHSA-RCM4-JV5G-WCCM
History: Jun 07, 2024 - 10:30 p.m.

zfr authentication adapter did not verify validity of tokens

2024-06-07 22:30:03
CWE-613
GitHub Advisory Database
github.com
authentication credentials
expired tokens
security issue
software

AI Score: 7.4 (Confidence: Low)

Before commit 2ca5bb1c2f11537be8f94ca6867d8d69789e744a (release 0.1.2), tokens were not checked for validity or expiration.

This potentially caused a security issue if expired tokens were not deleted once their expiration time had passed, because anyone could still use the invalidated authentication credentials.
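The difference between accepting any stored token and checking its expiry at authentication time, as an added example that is not the module's own code: the `AccessToken` class, both `authenticate*` functions, the in-memory `$store` and the token values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical token record; not the module's own entity class.
final class AccessToken
{
    public function __construct(
        public readonly string $value,
        public readonly string $owner,
        public readonly DateTimeImmutable $expiresAt
    ) {}

    public function isExpired(DateTimeImmutable $now): bool
    {
        return $this->expiresAt <= $now;
    }
}

/** @param array<string, AccessToken> $store tokens keyed by value (stand-in for the token table) */
function authenticateUnchecked(array $store, string $presented): ?string
{
    // Behaviour the advisory describes before the fix: any stored token is accepted.
    return isset($store[$presented]) ? $store[$presented]->owner : null;
}

/** @param array<string, AccessToken> $store */
function authenticateChecked(array $store, string $presented, DateTimeImmutable $now): ?string
{
    $token = $store[$presented] ?? null;
    // Reject unknown tokens and tokens past their expiry, even if the row was never purged.
    if ($token === null || $token->isExpired($now)) {
        return null;
    }
    return $token->owner;
}

// Constructed sample data: one live token and one expired token still present in storage.
$now = new DateTimeImmutable('2024-06-07T22:30:03Z');
$store = [
    'tok-live'  => new AccessToken('tok-live', 'alice', $now->modify('+1 hour')),
    'tok-stale' => new AccessToken('tok-stale', 'bob', $now->modify('-1 day')),
];

foreach (array_keys($store) as $t) {
    printf("%-9s unchecked=%s checked=%s\n", $t,
        var_export(authenticateUnchecked($store, $t), true),
        var_export(authenticateChecked($store, $t, $now), true));
}
```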

Affected configurations

Vulners

Node: zfr zfr-oauth2-server-module, Range: <0.1.2

| Vendor | Product | Version | CPE |
|---|---|---|---|
| zfr | zfr-oauth2-server-module | * | cpe:2.3:a:zfr:zfr-oauth2-server-module:*:*:*:*:*:*:*:* |
