197 matches found
CVE-2024-52598
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52598 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...
CVE-2024-52598
2FAuth 5.4.1 fixes a pair of issues: an SSRF vulnerability and a URI validation bypass in the POST /api/v1/twofaccounts/preview endpoint. An attacker can supply a remote URI; the app may perform a GET to that URL and, if the response appears as an image, store it on the server. The URI filter che...
Improper File URI Scheme Validation
changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the issafeurl function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOWFILEURI is set to false or undefined...
PT-2024-35394 · 2Fauth · 2Fauth
Name of the Vulnerable Software and Affected Versions: 2FAuth version 5.4.1 2FAuth versions prior to 5.4.1 Description: 2FAuth is a web application used to manage Two-Factor Authentication 2FA accounts and generate their security codes. It contains two interconnected vulnerabilities: a Server-Sid...
CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
Open Redirect
org.keycloak, keycloak-services is vulnerable vulnerable to Open Redirect. The vulnerability is due to a misconfiguration flaw in the validation of redirect URIs. An attacker can redirect users to an arbitrary URL and potentially expose sensitive information such as authorization codes, leading t...
UBUNTU-CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 22.0.13 Images Update
New images with security impact Important are available for Red Hat build of Keycloak 22.0.13 and Red Hat build of Keycloak 22.0.13 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 22.0.13 Update
New Red Hat build of Keycloak 22.0.13 packages with security impact Important are available from the Customer Portal Red Hat build of Keycloak 22.0.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 for OpenShift image enhancement update
A new image is available for Red Hat Single Sign-On 7.6.11, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update on RHEL 8
New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.11 security update on RHEL 9
New Red Hat Single Sign-On 7.6.11 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 9 : Red Hat Single Sign-On 7.6.11 security update on RHEL 9 (Important) (RHSA-2024:6880)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6880 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Apache OFBiz resolveURI Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveURI method. The issue results from improper URI validation...
(Pwn2Own) QNAP TS-464 TURN Server create_session Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the createsession action. The issue results from the lack of...