Lucene search
UnknownNODEJS:1546HistoryJul 29, 2020 - 5:14 p.m.
Information Exposure
2020-07-2917:14:33
Unknown
www.npmjs.com
9
EPSS
0.001
Percentile
39.6%
Overview
Versions of auth0 before 2.27.1 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to Auth0 management API fails, the key for Authorization header is not sanitized and the Authorization header value can be logged exposing a bearer token.
You are affected by this vulnerability if all of the following conditions apply:
- You are using
auth0npm package - You are using a Machine to Machine application authorized to use Auth0’s management API https://auth0.com/docs/flows/concepts/client-credentials
Recommendation
Upgrade to version 2.27.1.
References
Related
veracode
veracode
Information Disclosure
2020-07-30 03:10:17
cvelist
cvelist
cve
cve
CVE-2020-15125
2020-07-29 17:15:13
github
github
Authorization header is not sanitized in an error object in auth0
2020-07-29 16:26:22
nvd
nvd
CVE-2020-15125
2020-07-29 17:15:13
osv
osv
Authorization header is not sanitized in an error object in auth0
2020-07-29 16:26:22
prion
prion
Authorization
2020-07-29 17:15:00