Lucene search
K

79 matches found

CVE
CVE
added 2023/11/20 6:25 p.m.127 views

CVE-2023-48309

Concrete details: The CVE-2023-48309 flaw affects next-auth (Next.js) apps before v4.24.5 that rely on the default Middleware authorization. An attacker can obtain a NextAuth.js JWT from an interrupted OAuth sign-in flow and override the next-auth.session-token cookie with this unrelated JWT to s...

5.3CVSS5.1AI score0.007EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/11/20 6:25 p.m.32 views

CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

5.3CVSS5.3AI score0.007EPSS
Exploits0References7
NVD
NVD
added 2023/03/09 9:15 p.m.30 views

CVE-2023-27490

NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...

8.8CVSS8.2AI score0.00538EPSS
Exploits1References7
Prion
Prion
added 2023/03/09 9:15 p.m.30 views

Authorization

NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...

6.8CVSS8.7AI score0.00538EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2023/03/09 8:37 p.m.34 views

CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth

NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...

8.1CVSS8.9AI score0.00538EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/03/09 8:37 p.m.9 views

CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth

NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...

8.1CVSS8.7AI score0.00538EPSS
Exploits1References7
CVE
CVE
added 2023/03/09 8:37 p.m.59 views

CVE-2023-27490

NextAuth.js (for Next.js) versions before 4.20.1 are affected. A partial OAuth session failure lets a network observer or social engineer modify the authorization URL to bypass CSRF checks, potentially logging in as the victim. The issue arises from missing/compromised state, PKCE, and nonce hand...

8.8CVSS8.4AI score0.00538EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/03/09 8:37 p.m.34 views

CVE-2023-27490 Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth

NextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social...

8.1CVSS8.6AI score0.00538EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/03/09 12:0 a.m.6 views

NextAuth.js 授权问题漏洞

NextAuth.js is an authentication for Next.js. NextAuth.js is vulnerable to authorization issues. An attacker can exploit this vulnerability to elevate privileges...

8.8CVSS8AI score0.00538EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/03/09 12:0 a.m.7 views

PT-2023-21166 · Npm · Nextauth.Js

Name of the Vulnerable Software and Affected Versions: NextAuth.js versions prior to v4.20.1 Description: The issue allows a bad actor to intercept and tamper with the authorization URL, enabling them to log in as the victim and bypass CSRF protection. This occurs due to a partial failure during ...

8.8CVSS8.6AI score0.00538EPSS
Exploits1References13
CNVD
CNVD
added 2022/09/30 12:0 a.m.30 views

NextAuth.js authorization issue vulnerability

NextAuth.js is an authentication for Next.js. NextAuth.js version v3.0.2 is vulnerable to authorization issues, which can be exploited by attackers to perform unauthorized actions...

4.8AI score0.00583EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/09/28 9:15 p.m.29 views

CVE-2022-39263

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

8.1CVSS0.00583EPSS
Exploits0References2
Prion
Prion
added 2022/09/28 9:15 p.m.20 views

Design/Logic Flaw

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

5.1CVSS8.1AI score0.00583EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/28 9:5 p.m.37 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.4AI score0.00583EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/28 9:5 p.m.8 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.2AI score0.00583EPSS
Exploits0References2
CVE
CVE
added 2022/09/28 9:5 p.m.61 views

CVE-2022-39263

CVE-2022-39263 affects the Upstash Redis adapter for NextAuth.js when used with the Email Provider prior to v3.0.2. The adapter verifified only the identifier (email) and not the combined identifier + token in the email callback flow, enabling an attacker who knows the victim’s email (and token ex...

8.1CVSS7.4AI score0.00583EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/28 9:5 p.m.24 views

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

6.8CVSS8.2AI score0.00583EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.41 views

NextAuth.js 授权问题漏洞

NextAuth.js is an authentication for Next.js. NextAuth.js version v3.0.2 is vulnerable to authorization issues, which can be exploited by attackers to perform unauthorized actions...

8.1CVSS7AI score0.00583EPSS
Exploits0References3
NVD
NVD
added 2022/08/02 6:15 p.m.17 views

CVE-2022-35924

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

9.1CVSS0.01098EPSS
Exploits0References8
Prion
Prion
added 2022/08/02 6:15 p.m.21 views

Authorization

NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...

6.4CVSS9.3AI score0.01098EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder