20 matches found
EUVD-2025-19636
Malicious code in bioql PyPI...
EUVD-2025-19634
Malicious code in bioql PyPI...
CVE-2025-34063
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary user...
CVE-2025-34064
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...
CVE-2025-34062
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
CVE-2025-34064
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...
CVE-2025-34062
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
CVE-2025-34064
OneLogin AD Connector is affected by a cloud infrastructure misconfiguration that sends log data to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers an unclaimed bucket can receive log files from other tenants, potentially exposin...
CVE-2025-34064 OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...
CVE-2025-34064 OneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data Leakage
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. The...
CVE-2025-34063 OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary user...
CVE-2025-34063 OneLogin AD Connector JWT Authentication Bypass via Exposed Signing Key
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary user...
CVE-2025-34063
CVE-2025-34063 affects OneLogin AD Connector prior to 6.1.5. The root cause is exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint, enabling an attacker to forge valid JWT tokens and impersonate arbitrary users across the OneLogin tenant, granting access to the O...
CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...
CVE-2025-34062
The CVE affects OneLogin AD Connector before 6.1.5. A vulnerability exists in the /api/adc/v4/configuration endpoint where a valid directory_token (potentially obtainable from host registry keys or insecure logs) can yield a plaintext response that exposes sensitive credentials, including API key...
PT-2025-27550 · Onelogin · Onelogin Ad Connector
Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector versions prior to 6.1.5 Description: An information disclosure issue exists via the "/api/adc/v4/configuration" endpoint. An attacker with access to a valid directory token can retrieve a plaintext response disclosing...
One Identity OneLogin AD Connector 安全漏洞
One Identity OneLogin AD Connector is a connector software from One Identity USA. A security vulnerability exists in the One Identity OneLogin AD Connector that stems from a misconfiguration of the cloud infrastructure leading to log data leakage...
PT-2025-27551 · Onelogin · Onelogin Ad Connector
Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector versions prior to 6.1.5 Description: A cryptographic authentication bypass issue exists due to the exposure of a tenant’s SSO JWT signing key via the "/api/adc/v4/configuration" endpoint. An attacker with the signing key...
PT-2025-27552 · Onelogin · Onelogin Ad Connector
Name of the Vulnerable Software and Affected Versions: OneLogin AD Connector affected versions not specified Description: A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket onelogin-adc-logs-production without validating bucket...