17 matches found
keycloak: Keycloak: Access token disclosure and implicit flow bypass via forged client data
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...
GHSA-HQ3P-W4XV-X7VP Keycloak: Access token disclosure and implicit flow bypass via forged client data
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...
Keycloak: Access token disclosure and implicit flow bypass via forged client data
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...
CVE-2026-7571 Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...
gitpod 安全漏洞
gitpod is a cloud-based integrated development environment open-sourced by gitpod. A security vulnerability exists in versions prior to gitpod main-gha.33628, which stems from mishandling of the Bitbucket OAuth integration, which could lead to access token disclosure...
Element 安全漏洞
Element is a Matrix web collaboration client from Element Open Source. A security vulnerability exists in Element that stems from a vulnerability that could lead to an access token disclosure under certain circumstances...
CVE-2024-31842
Italtel Embrace 1.6.4 is affected by a vulnerability where the web application inserts an authenticated user’s access token into GET requests. The token appears in the URL’s query string and can be stored in browser history, Referer headers, web logs, or other sources, enabling attackers to use t...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in craftmembers. A remote attacker can exploit the vulnerability to send a malicious notification to the victim...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in taketorinoyu. A remote attacker could exploit the vulnerability to send a malicious notification to the victim...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in Lil.OFF-PRICE STORE. A remote attacker could exploit the vulnerability to send a malicious notification to the victim...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in besttrainingmember. A remote attacker can exploit the vulnerability to send malicious notifications...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in DRAGON FAMILY. A remote attacker can exploit the vulnerability to send a malicious notification to the victim...
Line Security Breach
Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue with F.B.P members. A remote attacker could exploit the vulnerability to send a malicious notification to the victim...
PT-2023-5447 · Docker · Docker Desktop
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.23.0 Description: The issue affects Docker Desktop and is related to the disclosure of protected information. It allows a remote attacker to obtain an access token using a specially crafted extension icon UR...
Jenkins Gitea Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jupyter Server 安全漏洞
Jupyter Server is a Jupyter community application used to provide back-end services for Jupyter web applications. A security vulnerability exists in Jupyter Server versions prior to 1.17.1. An attacker could exploit this vulnerability to disclose access tokens to a malicious third party and modif...
Gitlab -- multiple vulnerabilities
Gitlab reports: SSRF GCP access token disclosure Persistent XSS on issue details Diff formatter DoS in Sidekiq jobs Confidential information disclosure in events API endpoint validatelocalhost function in urlblocker.rb could be bypassed Slack integration CSRF Oauth2 GRPC::Unknown logging token...