
196 matches found

BDU FSTEC
added 2024/06/04 12:00 a.m. · 1 view

A vulnerability in the JSON Web Token authentication plugin for the Django framework (the "django-restframework-simplejwt" package) allows an attacker to disclose sensitive information that should be protected.

The vulnerability in the JSON Web Token authentication plugin for the Django framework stems from missing protection of sensitive data. Exploiting it could allow an attacker to disclose protected information through the foruser method...

CVSS 5.5 · AI score 5.9 · EPSS 0.00235
Exploits 3 · References 4 · Affected Software 3
NVD
added 2024/03/13 4:15 p.m. · 14 views

CVE-2024-0681

The Page Restriction WordPress WP – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it...

CVSS 5.3 · AI score 5.1 · EPSS 0.00637
Exploits 0 · References 2
OSV
added 2024/03/06 11:07 a.m. · 14 views

BIT-MOODLE-2021-40691

A session hijack risk was identified in the Shibboleth authentication plugin...

CVSS 4.3 · AI score 4.7 · EPSS 0.00379
Exploits 0 · References 2
The Hacker News
added 2024/02/21 5:34 a.m. · 42 views

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a...

CVSS 9.8 · AI score 10 · EPSS 0.06145
Exploits 1
Positive Technologies
added 2024/02/20 12:00 a.m. · 2 views

PT-2024-1777 · Vmware · Vmware Enhanced Authentication Plug-In

Name of the Vulnerable Software and Affected Versions: VMware Enhanced Authentication Plug-in (EAP), affected versions not specified. Description: The issue is related to arbitrary authentication relay and session hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP). Th...

CVSS 10 · AI score 7.5 · EPSS 0.0072
Exploits 0 · References 62
CNNVD
added 2024/02/20 12:00 a.m. · 3 views

VMware Enhanced Authentication Plug-in Security Vulnerability

The VMware Enhanced Authentication Plug-in is part of the VMware Horizon client from VMware, Inc. and is used to provide an additional authentication layer to enhance the security of access to VMware Horizon virtual desktops and applications. A security vulnerability exists in VMware Enhanced...

CVSS 9.6 · AI score 6.9 · EPSS 0.0072
Exploits 0 · References 3
OSV
added 2024/01/24 3:42 p.m. · 2 views

DRUPAL-CONTRIB-2024-003

This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. In some cases, the module allows users to log in with an authentication plugin that an administrator has disabled. This vulnerability is mitigated by the fact that a...

CVSS 9.8 · AI score 7 · EPSS 0.00583
Exploits 0 · References 1
Drupal
added 2024/01/24 12:00 a.m. · 22 views

Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003

This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. In some cases, the module allows users to log in with an authentication plugin that an administrator has disabled. This vulnerability is mitigated by the fact that a...

CVSS 9.8 · AI score 7.3 · EPSS 0.00583
Exploits 0 · References 10
CVE
added 2023/12/13 5:30 p.m. · 61 views

CVE-2023-50771

The vulnerability CVE-2023-50771 affects Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier. Root cause: the plugin improperly validates the redirect URL after login, allowing an attacker to redirect users to a malicious site instead of Jenkins as part of a phishing attack. Impact (per sources): poten...

CVSS 6.1 · AI score 6.2 · EPSS 0.0008
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/12/13 12:00 a.m. · 4 views

PT-2023-31640 · Jenkins · Jenkins Openid Connect Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier. Description: The issue allows attackers to perform phishing attacks by improperly determining that a redirect URL after login is legitimately pointing to Jenkins...

CVSS 6.1 · AI score 6.2 · EPSS 0.0008
Exploits 0 · References 13
SUSE CVE
added 2023/10/31 2:42 a.m. · 1 view

SUSE CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

CVSS 5.9 · AI score 7.7 · EPSS 0.00133
Exploits 1 · References 2
CNNVD
added 2023/10/17 12:00 a.m. · 3 views

Apache Traffic Server Input Validation Error Vulnerability

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation of the United States. Apache Traffic Server suffers from an input validation error vulnerability that stems from an HTTP/2 frame formatting error and is vulnerable to HTTP/2 and s3 authentication...

CVSS 7.5 · AI score 6.9 · EPSS 0.07819
Exploits 0 · References 6
NVD
added 2023/08/16 3:15 p.m. · 11 views

CVE-2023-40343

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...

CVSS 5.9 · AI score 5.8 · EPSS 0.00129
Exploits 0 · References 2
CVE
added 2023/08/16 2:32 p.m. · 2697 views

CVE-2023-40343

CVE-2023-40343 affects Jenkins Tuleap Authentication Plugin (versions 1.1.20 and earlier). The root cause is a non-constant-time comparison function when validating authentication tokens, which could allow attackers to apply statistical methods to obtain a valid token. The issue is mitigated by u...

CVSS 5.9 · AI score 5.7 · EPSS 0.00129
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/08/16 2:32 p.m. · 18 views

CVE-2023-40343

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...

AI score 6.4 · EPSS 0.00129
Exploits 0 · References 2
Positive Technologies
added 2023/08/16 12:00 a.m. · 2 views

PT-2023-27401 · Jenkins · Jenkins Tuleap Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Authentication Plugin versions 1.1.20 and earlier. Description: The issue concerns a non-constant-time comparison function used when validating an authentication token, allowing attackers to potentially use statistical methods t...

CVSS 5.9 · AI score 5.8 · EPSS 0.00129
Exploits 0 · References 10
CNNVD
added 2023/08/16 12:00 a.m. · 2 views

Jenkins Plugin Tuleap Authentication Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.9 · AI score 6 · EPSS 0.00129
Exploits 0 · References 5
OSV
added 2023/07/26 2:15 p.m. · 22 views

CVE-2023-39153

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

CVSS 5.4 · AI score 6.9
Exploits 0 · References 2
NVD
added 2023/07/26 2:15 p.m. · 8 views

CVE-2023-39153

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

CVSS 5.4 · AI score 6 · EPSS 0.00108
Exploits 0 · References 2
Prion
added 2023/07/26 2:15 p.m. · 21 views

Cross-site request forgery (CSRF)

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

CVSS 5.8 · AI score 5.3 · EPSS 0.00108
Exploits 0 · References 2 · Affected Software 1