Lucene search
K

86 matches found

Vulnrichment
Vulnrichment
added 2022/01/18 9:35 p.m.5 views

CVE-2022-21673 OAuth Identity Token exposure in Grafana

Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...

4.3CVSS7AI score0.02013EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.6 views

Pac4j 数据伪造问题漏洞

Pac4j is a simple yet powerful Java security engine. Used to authenticate users, obtain their profiles and manage authorization to protect Web applications and Web services.Pac4j has a data forgery problem vulnerability that stems from the product not using a valid algorithm when validating ID...

7.5CVSS5.6AI score0.00895EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2021/03/12 10:39 p.m.5 views

@solid/community-server (=0.4.1) potentially affected by unknown CVE via @solid/identity-token-verifier (=0.4.3)

@solid/identity-token-verifier NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on @solid/identity-token-verifier and may be impacted: - @solid/community-server =0.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XMH9-RG6F-J3MR...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/03/12 10:39 p.m.51 views

Verification flaw in Solid identity-token-verifier

Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...

1AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2019/10/24 8:56 p.m.37 views

Improper Authentication in Auth0.AuthenticationApi

Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...

7.5CVSS3.3AI score0.00891EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/06/10 12:0 a.m.11 views

WooCommerce 2.0.20-2.3.10 - Object Injection / XXE

According to the researcher: The vulnerability is only present when WooCommerce’s "PayPal Identity Token" option is set...

2.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder