CVE-2025-59363

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 even though this secret should only be returned when an App is first created,...

CVE-2025-59363

In One Identity OneLogin prior to 2025.3.0, the GET /api/2/apps endpoint returned OIDC client_secret values alongside app metadata, enabling disclosure of sensitive credentials. This is caused by excessive data being returned by the Apps API v2 and constitutes a breach of confidentiality for OIDC...