SUSE CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24424

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24457

CVE-2023-24457 describes a CSRF vulnerability in the Jenkins Keycloak Authentication Plugin (versions

CVE-2023-24424

CVE-2023-24424 affects the Jenkins OpenId Connect Authentication Plugin (versions 2.4 and earlier). The vulnerability arises because the plugin does not invalidate an existing session on login, enabling potential unauthorized access via social engineering or session fixation. Reported impact is h...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

CVE-2023-24456

CVE-2023-24456 affects Jenkins Keycloak Authentication Plugin 2.3.0 and earlier. The issue: login does not invalidate the previous session, enabling session fixation. Impact noted as high/critical (CVSS 3.1 base 9.8). Affected versions: 2.3.0 and earlier. Remediation guidance in connected docs: u...

PT-2023-19616 · Jenkins · Jenkins Keycloak Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Keycloak Authentication Plugin versions 2.3.0 and earlier Description: The issue arises because the plugin does not invalidate the previous session on login, which could lead to security concerns. Recommendations: For versions 2.3.0 a...

CVE-2023-24424

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login...

Moodle 输入验证错误漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle Plugin SAML Auth, which stems from allowing redirects to be opened via unspecified vectors...

CVE-2022-45073 WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in REST API Authentication plugin = 2.4.0 on WordPress...

CVE-2022-45073

CVE-2022-45073 describes a CSRF vulnerability in the WordPress REST API Authentication plugin (versions ≤ 2.4.0). The issue arises from the plugin not performing CSRF checks when updating settings, potentially allowing an authenticated attacker to trigger unintended settings changes through forge...

PT-2022-27401 · Unknown · Rest Api Authentication Plugin

Name of the Vulnerable Software and Affected Versions: REST API Authentication plugin versions prior to 2.4.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...

Vulnerable version of xmlsec used - CVE-2021-40690 in atlassian-authentication-plugin

Recently we have identified that on top of the libraries mentioned in JRASERVER-73580, there was another libraryatlassian-authentication-plugin that has a transitive dependency of xmlsec that could be related to the vulnerability described in...

CVE-2021-40691

A session hijack risk was identified in the Shibboleth authentication plugin...

mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to gain access to modify, add, or delete data.

The vulnerability of the Server component: the PAM Auth Plugin of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to modify, add, or delete data...