A vulnerability in the OAuth extension for the software environment used to implement the MediaWiki hypertext environment allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability in MWOAuthConsumerSubmitControl.php of the OAuth extension for the MediaWiki software arises from the use of cryptographic algorithms that contain defects or risks. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...
envoyproxy/envoy: HTTP request with multiple value headers can bypass authorization policies
An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple value headers. This flaw allows an attacker to bypass rule policies that use the extauthz extension. The highest threat from this vulnerability is to confidentiality,...
PT-2021-19922 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.16.5 through 1.19.0 Description: The issue affects Envoy, an open source L7 proxy and communication bus. In the affected versions, when the ext-authz extension sends request headers to the external authorization service, it...
PT-2021-19426 · Mediawiki +2 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the OAuth extension for MediaWiki. It did not validate the length of the oarc_version parameter (also known as oauth_registered_consumer.oarc_version). Recommendations: For...