Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:54 a.m.10 views

CVE-2024-21632

omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...

9.8CVSS6.5AI score0.00904EPSS
Exploits1References1
Circl
Circl
added 2024/01/02 11:26 p.m.7 views

CVE-2024-21632

creationtimestamp| type| source ---|---|--- 2024-01-02 23:26:58+00:00| seen| https://t.me/ctinow/162097 2024-01-03 01:38:27+00:00| seen| https://t.me/cibsecurity/74215 2024-01-09 21:16:34+00:00| seen| https://t.me/ctinow/165367 2024-01-23 09:21:29+00:00| seen| https://t.me/ctinow/171784...

9.8CVSS8.7AI score0.00904EPSS
Exploits1References4
NVD
NVD
added 2024/01/02 10:15 p.m.38 views

CVE-2024-21632

omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...

9.8CVSS8.9AI score0.00904EPSS
Exploits1References3
CVE
CVE
added 2024/01/02 9:54 p.m.83 views

CVE-2024-21632

The CVE-2024-21632 entry concerns omniauth-microsoft_graph, an Omniauth strategy for Microsoft Graph. Before version 2.0.0, it did not validate the user email attribute (nor provided an option to do so), exposing risk of nOAuth misconfiguration when email is used as a trusted user identifier and ...

9.8CVSS9.2AI score0.00904EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/01/02 9:54 p.m.31 views

CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)

omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...

8.6CVSS8.9AI score0.00904EPSS
Exploits1References5
Rows per page
Query Builder