Lucene search
+L

17 matches found

CVE
CVE
added 8 hours ago8 views

CVE-2026-15943

A vulnerability in Keycloak's keycloak-services component affects identity provider management. When a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value, the system performs improper validation and reuses the existing real secret even if fields ...

5.5CVSS5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 20 hours ago5 views

PT-2026-60741

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...

5.5CVSS5.4AI score
Exploits0References3
CVE
CVE
added 2 days ago17 views

CVE-2026-53512

CVE-2026-53512 affects Better Auth versions prior to 1.6.11, where the legacy oidcProvider and mcp plugins expose OAuth2 token endpoints that validate refresh_token grants without requiring the confidential client’s client_secret. An attacker with a valid refresh_token and the corresponding publi...

9.1CVSS6.1AI score0.00303EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/16 9:20 p.m.26 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS6.7AI score0.00609EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/14 9:31 p.m.8 views

Access Control Bypass

Overview io.jenkins.plugins:oidc-provider is an OpenID Connect Provider Plugin for Jenkins. Affected versions of this package are vulnerable to Access Control Bypass via the generation of build ID Tokens using potentially overridden values of environment variables. An attacker can impersonate a...

9.1CVSS7AI score0.00609EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/05/14 8:35 p.m.4 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS7.1AI score0.00609EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.4 views

Jenkins plugin OpenID Connect Provider 访问控制错误漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security...

9.1CVSS9AI score0.00609EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.12 views

Jenkins plugins Multiple Vulnerabilities (2025-05-14)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Critical In WSO2 Oauth Plugin 1.0 and earlier authentication claims are accepted without validation by the WSO2 Oauth security realm. This...

9.8CVSS8.6AI score0.00616EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 5:34 p.m.18 views

Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)

Summary The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12. Vulnerability Details CVEID:CVE-2024-22338 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose sensitive...

5.5CVSS3.9AI score0.00152EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.7 views

PT-2024-11666 · Ibm · Ibm Security Verify Access

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access affected versions not specified Description: The issue concerns an information disclosure problem with the OIDC Provider in IBM Security Verify Access. Recommendations: At the moment, there is no information about a...

6AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/05 4:15 p.m.20 views

Security Bulletin: IBM Security Verify Access OpenID Connect Provider container has fixed a vulnerability (CVE-2022-43867)

Summary A Security Vulnerability has been addressed in the IBM Security Verify Access OpenID Connect OIDC Provider container. Vulnerability Details CVEID:CVE-2022-43876 DESCRIPTION: IBM Security Verify Access OIDC Provider allows web pages to be stored locally which can be read by another user on...

7.8CVSS7.4AI score0.00281EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/10/14 12:0 a.m.7 views

IBM Security Verify Access Security Vulnerability

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

5.3CVSS6.3AI score0.00445EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/06/27 6:53 p.m.20 views

RHSSO: XSS due to lax URI scheme validation

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

10CVSS5.7AI score0.00626EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2023/05/24 12:0 a.m.57 views

Spring Authorization Server is on Spring Initializr!

Today, I'm excited to announce that you have a new superpower: creating applications with Spring Authorization Server on Spring Initializr! That's right, it's time to begin your OAuth2 journey and become the hero you always knew you could be! In this post, I'll explain how you can get the most fr...

6.7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2021/07/22 10:15 p.m.37 views

CVE-2021-32786

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidcvalidateredirecturl does not parse URLs the same way as most browsers...

6.1CVSS6.7AI score0.02364EPSS
Exploits1References6
Cvelist
Cvelist
added 2021/07/22 12:0 a.m.57 views

CVE-2021-32785 Format string bug in the Redis cache implementation

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When modauthopenidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache...

5.3CVSS7.9AI score0.02731EPSS
Exploits0References6
Hacker One
Hacker One
added 2018/12/05 6:21 p.m.66 views

Zomato: [auth2.zomato.com] Reflected XSS at `oauth2/fallbacks/error` | ORY Hydra an OAuth 2.0 and OpenID Connect Provider

Heyy there, I have found a xss in auth2.zomato.com Full url:https://auth2.zomato.com/oauth2/fallbacks/error?error=xss&errordescription=xss&errorhint=xss Vulnerable Parameters: All available parameters are vulnerable XSS Payload: XSS Steps To Reproduce the xss Just copy paste and load this url in...

6.9AI score
Exploits0
Rows per page
Query Builder