Lucene search
K

269 matches found

Cvelist
Cvelist
added 2018/07/24 7:0 p.m.24 views

CVE-2018-11047

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...

7.4AI score0.01066EPSS
Exploits0References1
CVE
CVE
added 2018/07/24 7:0 p.m.61 views

CVE-2018-11047

CVE-2018-11047 affects Cloud Foundry UAA. It allows using a valid refresh token in place of an access token to access admin endpoints (e.g., /Users, /Groups), due to a flaw in authorization handling. Vulnerable versions include UAA releases before 4.19.2, 4.12.x before 4.12.4, 4.10.x before 4.10....

7.5CVSS7.3AI score0.01066EPSS
Exploits0References1Affected Software1
Cloud Foundry
Cloud Foundry
added 2018/07/18 12:0 a.m.302 views

CVE-2018-11047: UAA accepts refresh token as access token on admin endpoints | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa versions 4.19 prior to 4.19.2, 4.12 prior to 4.12.4, 4.10 prior to 4.10.2, 4.7 prior to 4.7.6, 4.5 prior to 4.5.7 You are using uaa-release versions v60 prior to v60.2, v57 prior to v57.4,...

7.5CVSS7.4AI score0.01066EPSS
Exploits0
CNVD
CNVD
added 2018/03/21 12:0 a.m.8 views

Cloud Controller, cf-deployment and cf-release authentication vulnerabilities

Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from the Cloud Foundry Foundation in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release version of CF...

8.8CVSS6.7AI score0.0099EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/02/10 7:34 p.m.26 views

Semrush: [oauth token leak] at oauth.semrush.com

Domain, site, application --- oauth.semrush.com Steps to reproduce --- 1 Create following html at attacker.com/postmessage.html function listenerevent alertJSON.stringifyevent.data; var dest =...

6.2AI score
Exploits0
OSV
OSV
added 2017/10/26 5:29 p.m.3 views

CVE-2017-12160

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

7.2CVSS5.8AI score0.01887EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/10/17 7:53 p.m.6 views

keycloak: resource privilege extension via access token in oauth

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...

7.2CVSS5.8AI score0.01887EPSS
Exploits0References4
Hacker One
Hacker One
added 2015/04/06 11:56 p.m.34 views

Internet Bug Bounty: Race Conditions in OAuth 2 API implementations

Most of OAuth 2 API implementations seem to have multiple Race Condition vulnerabilities for processing requests for Access Token or Refresh Token. Race Condition allows a malicious application to obtain several accesstoken and refreshtoken pairs while only one pair should be generated. Further, ...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2013/06/04 12:0 a.m.23 views

Novell iManager Multiple Vulnerabilities

The host is running Novell iManager and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: gbnovellimanagermultvuln.nasl 6079 2017-05-08 09:03:33Z teissa $ Novell iManager Multiple Vulnerabilities Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks...

10CVSS1.7AI score0.01635EPSS
Exploits0References1
Rows per page
Query Builder