17 matches found
CVE-2024-39315
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...
EUVD-2024-2413
Malicious code in bioql PyPI...
EUVD-2023-49458
Malicious code in bioql PyPI...
CVE-2024-11483
A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...
CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...
CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...
CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5
A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...
CVE-2024-11483
CVE-2024-11483 affects Red Hat Ansible Automation Platform 2.5, specifically automation-gateway: improper scope handling in OAuth2 tokens for AAP 2.5. The flaw allows write access via read-scoped OAuth2 tokens to API endpoints using ansible_base.oauth2_provider, enabling potential modifications w...
GHSA-RRQR-7W59-637V Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Impact The Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be more severe in the presence of an XSS vulnerability in an upstream...
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Impact The Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be more severe in the presence of an XSS vulnerability in an upstream...
CVE-2024-39315
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...
CVE-2024-39315
CVE-2024-39315 affects Pomerium (before v0.26.1). The vulnerability arises from the user info page at /.pomerium, which unintentionally exposed serialized OAuth2 access and ID tokens from the logged-in user’s session. This exposure could let an attacker, via a proxied page and in the presence of ...
CVE-2024-39315 Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...
SUSE CVE-2023-45151
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...
Design/Logic Flaw
Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...
PT-2023-6441 · Nextcloud +2 · Nextcloud +2
Name of the Vulnerable Software and Affected Versions: Nextcloud versions prior to 25.0.8 Nextcloud versions prior to 26.0.3 Nextcloud versions prior to 27.0.1 Description: The issue is related to the storage of OAuth2 tokens in plaintext in Nextcloud, allowing an attacker who has gained access t...
Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface...