Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.9 views

CVE-2023-37260

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...

8.2CVSS6.8AI score0.00951EPSS
Exploits0
Circl
Circl
added 2023/07/06 8:20 p.m.8 views

CVE-2023-37260

creationtimestamp| type| source ---|---|--- 2023-07-06 20:20:35+00:00| seen| https://t.me/cibsecurity/66146...

8.2CVSS7.7AI score0.00951EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/06 3:9 p.m.41 views

CVE-2023-37260 league/oauth2-server key exposed in exception message when passing as string and providing invalid pass phrase

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...

8.2CVSS8.4AI score0.00951EPSS
Exploits0References3
CVE
CVE
added 2023/07/06 3:9 p.m.2507 views

CVE-2023-37260

The CVE-2023-37260 issue affects league/oauth2-server (PHP). Root cause: when a server passed a CryptKey as a string instead of a file path and no valid pass phrase was provided, the key could be exposed in a LogicException message. Impact stated: potential exposure of the key in exception messag...

8.2CVSS7.8AI score0.00951EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder