Lucene search
K

9 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55450

Name of the Vulnerable Software and Affected Versions dragonfly versions prior to 2.4.4 Description The Dragonfly Manager fails to enforce authentication on specific API endpoints, allowing unauthenticated network-reachable attackers to retrieve sensitive OAuth client secrets. The issue occurs...

6.3CVSS6AI score
Exploits0References4
EUVD
EUVD
added 2026/07/01 8:51 p.m.7 views

EUVD-2026-40297

Rancher has over-inclusive team membership expansion in GitHub App authentication provider...

8.8CVSS5.8AI score0.0037EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 12:16 p.m.8 views

CVE-2026-41053

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8CVSS0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 3:22 p.m.25 views

CVE-2026-27124 FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not...

8.2CVSS0.00207EPSS
Exploits1References1
CVE
CVE
added 2026/04/03 3:22 p.m.16 views

CVE-2026-27124

CVE-2026-27124 describes a Confused Deputy vulnerability in the FastMCP OAuthProxy used with the GitHubProvider OAuth integration. Prior to version 3.2.0, the OAuthProxy does not properly validate user consent after receiving the GitHub authorization code, and combined with GitHub’s consent-page ...

8.2CVSS5.9AI score0.00207EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/31 10:32 p.m.7 views

GHSA-RWW4-4W9C-7733 FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Summary While testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHu...

8.2CVSS5.9AI score0.00207EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/31 10:32 p.m.8 views

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Summary While testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHu...

8.2CVSS5.9AI score0.00207EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29421

Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 3.2.0 Description: FastMCP is susceptible to a Confused Deputy issue within its GitHubProvider OAuth integration. The OAuthProxy component fails to properly validate user consent when receiving authorization codes fr...

8.2CVSS5.3AI score0.00207EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.7 views

PT-2024-22133

Name of the Vulnerable Software and Affected Versions Minder versions prior to 0.0.33 Description A Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repository and any...

7.1CVSS6.9AI score0.00666EPSS
Exploits1References12
Rows per page
Query Builder