Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.15 views

CVE-2024-39315

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...

6.5CVSS6AI score0.00416EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2413

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00416EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-49458

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00484EPSS
Exploits0References3
NVD
NVD
added 2024/11/25 4:15 a.m.42 views

CVE-2024-11483

A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...

5CVSS0.0051EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/25 3:54 a.m.45 views

CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5

A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...

5CVSS0.0051EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/25 3:54 a.m.18 views

CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5

A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...

5CVSS5.7AI score0.0051EPSS
Exploits0References4
OSV
OSV
added 2024/11/25 3:54 a.m.19 views

CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5

A vulnerability was found in the Ansible Automation Platform AAP. This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansiblebase.oauth2provider for OAuth2 authentication. While th...

5CVSS6AI score0.0051EPSS
Exploits0References8
CVE
CVE
added 2024/11/25 3:54 a.m.106 views

CVE-2024-11483

CVE-2024-11483 affects Red Hat Ansible Automation Platform 2.5, specifically automation-gateway: improper scope handling in OAuth2 tokens for AAP 2.5. The flaw allows write access via read-scoped OAuth2 tokens to API endpoints using ansible_base.oauth2_provider, enabling potential modifications w...

5CVSS5.5AI score0.0051EPSS
Exploits0References4
OSV
OSV
added 2024/07/05 7:42 p.m.12 views

GHSA-RRQR-7W59-637V Pomerium exposed OAuth2 access and ID tokens in user info endpoint response

Impact The Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be more severe in the presence of an XSS vulnerability in an upstream...

6.9CVSS5.3AI score0.00416EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/07/05 7:42 p.m.49 views

Pomerium exposed OAuth2 access and ID tokens in user info endpoint response

Impact The Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be more severe in the presence of an XSS vulnerability in an upstream...

6.5CVSS5.8AI score0.00416EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/07/02 8:15 p.m.48 views

CVE-2024-39315

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...

6.5CVSS0.00416EPSS
Exploits0References2
CVE
CVE
added 2024/07/02 8:2 p.m.92 views

CVE-2024-39315

CVE-2024-39315 affects Pomerium (before v0.26.1). The vulnerability arises from the user info page at /.pomerium, which unintentionally exposed serialized OAuth2 access and ID tokens from the logged-in user’s session. This exposure could let an attacker, via a proxied page and in the presence of ...

6.5CVSS5.2AI score0.00416EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/07/02 8:2 p.m.19 views

CVE-2024-39315 Pomerium exposed OAuth2 access and ID tokens in user info endpoint response

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...

5.7CVSS5.9AI score0.00416EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/10/18 1:2 a.m.4 views

SUSE CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

8.8CVSS6.8AI score0.00484EPSS
Exploits0References3
Prion
Prion
added 2023/10/16 7:15 p.m.22 views

Design/Logic Flaw

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

6.5CVSS8.6AI score0.00484EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.5 views

PT-2023-6441 · Nextcloud +2 · Nextcloud +2

Name of the Vulnerable Software and Affected Versions: Nextcloud versions prior to 25.0.8 Nextcloud versions prior to 26.0.3 Nextcloud versions prior to 27.0.1 Description: The issue is related to the storage of OAuth2 tokens in plaintext in Nextcloud, allowing an attacker who has gained access t...

9.8CVSS5.6AI score0.01041EPSS
Exploits6References97
RedHat Linux
RedHat Linux
added 2020/04/22 1:21 p.m.8 views

Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container

Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Towers websocket interface...

9.8CVSS6.9AI score0.49739EPSS
Exploits11
Rows per page
Query Builder