4 matches found
A vulnerability in the “Allow Subdomains” configuration of the OAuth2 authentication platform allows an attacker to bypass security restrictions and redirect users to an arbitrary URL.
The vulnerability in the “Allow Subdomains” configuration of the OAuth2 authentication platform stems from deficiencies in access control. Exploiting it allows a malicious actor to bypass security restrictions and redirect users to an arbitrary URL...
CVE-2023-49104
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker...
HashiCorp Vault Trust Management Issue Vulnerability
HashiCorp Vault is a private key access management tool from the US-based HashiCorp. HashiCorp Vault versions 1.8.0 through 1.8.8 and 1.9.3 have a trust management vulnerability that allows the PKI secrets engine to issue wildcard certificates to authorized users in specified domain...
PT-2022-17174 · Hashicorp · Vault Enterprise +1
Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions 1.8.0 through 1.8.8; Vault and Vault Enterprise version 1.9.3. Description: The issue allowed the PKI secrets engine to issue wildcard certificates to authorized users for a specified domain, even if the PKI...