86 matches found
CVE-2022-21673 OAuth Identity Token exposure in Grafana
Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token and no other user credentials will forward the OAuth Identity of the most recently...
Pac4j 数据伪造问题漏洞
Pac4j is a simple yet powerful Java security engine. Used to authenticate users, obtain their profiles and manage authorization to protect Web applications and Web services.Pac4j has a data forgery problem vulnerability that stems from the product not using a valid algorithm when validating ID...
@solid/community-server (=0.4.1) potentially affected by unknown CVE via @solid/identity-token-verifier (=0.4.3)
@solid/identity-token-verifier NPM version =0.4.3 is affected by a known vulnerability. The following packages have a transitive dependency on @solid/identity-token-verifier and may be impacted: - @solid/community-server =0.4.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XMH9-RG6F-J3MR...
Verification flaw in Solid identity-token-verifier
Impact Severity Any Pod on a Solid server using a vulnerable version of the identity-token-verifier library is at risk of a spoofed Demonstration of Proof-of-Possession DPoP token binding. This vulnerability could give total and complete access to a targeted Pod. Summary A verification flaw in th...
Improper Authentication in Auth0.AuthenticationApi
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens...
WooCommerce 2.0.20-2.3.10 - Object Injection / XXE
According to the researcher: The vulnerability is only present when WooCommerce’s "PayPal Identity Token" option is set...