Lucene search

6 matches found

OSV
added 2023/05/16 5:15 p.m. | 1 view

CVE-2023-33005

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login...

5.4 CVSS | 6.1 AI score | 0.0041 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2023/03/09 12:0 a.m. | 4 views

PT-2023-21166 · Npm · Nextauth.Js

Name of the Vulnerable Software and Affected Versions: NextAuth.js versions prior to v4.20.1

Description: The issue allows a bad actor to intercept and tamper with the authorization URL, enabling them to log in as the victim and bypass CSRF protection. This occurs due to a partial failure during ...

8.8 CVSS | 8.6 AI score | 0.00244 EPSS
Exploits: 1 | References: 13
Prion
added 2022/12/22 8:15 p.m. | 17 views

Session fixation

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP...

6.8 CVSS | 6.6 AI score | 0.00577 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2022/12/22 12:0 a.m. | 13 views

CVE-2020-15679

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP...

6.8 AI score | 0.00577 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2022/12/22 12:0 a.m. | 6 views

CVE-2020-15679

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP...

6.8 AI score | 0.00577 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2022/11/14 12:0 a.m. | 2 views

PT-2022-27003 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions:
Concrete CMS formerly concrete5 versions below 8.5.10
Concrete CMS formerly concrete5 versions 9.0.0 through 9.1.2

Description: The issue arises when Concrete CMS does not issue a new session ID upon successful OAuth authentication. This can...

5.4 CVSS | 7.3 AI score | 0.0031 EPSS
Exploits: 0 | References: 14