Lucene search
K

26 matches found

UbuntuCve
UbuntuCve
added 2020/07/09 2:15 p.m.32 views

CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS7.2AI score0.01587EPSS
Exploits1References6
OSV
OSV
added 2020/07/09 2:15 p.m.3 views

UBUNTU-CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS7.2AI score0.01587EPSS
Exploits1References7
Prion
Prion
added 2020/07/09 2:15 p.m.20 views

Authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

6.4CVSS8.3AI score0.01587EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2020/07/09 1:20 p.m.318 views

CVE-2020-7692

CVE-2020-7692 affects the Google OAuth Client Library for Java (com.google.oauth-client:google-oauth-client) prior to 1.31.0. The issue is that PKCE is not implemented per OAuth 2.0 RFC for native apps, meaning an authorization code could be intercepted by a malicious app and used to gain access ...

9.1CVSS8.4AI score0.01587EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2020/07/09 1:20 p.m.35 views

CVE-2020-7692 Improper Authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

7.4CVSS8.4AI score0.01587EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2020/07/09 1:20 p.m.33 views

CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS8.3AI score0.01587EPSS
Exploits1
Rows per page
Query Builder