820 matches found

OSV
added 2025/04/30 4:51 p.m. | 5 views

GHSA-F9C6-2F9P-82JJ Any user with view access to the XWiki space can change the authenticator

Impact: A user who can access pages located in the XWiki space (by default, anyone) can access the page XWiki.Authentication.Administration and, unless an authenticator is set in xwiki.cfg, switch to another installed authenticator. Note that, by default, there is only one authenticator available...

CVSS 8.4 | AI score 6.6 | EPSS 0.0048
Exploits: 0 | References: 5

CNNVD
added 2025/04/30 12:00 a.m. | 3 views

XWiki Platform security vulnerability

XWiki Platform is the XWiki open source suite of wiki platforms for creating web collaboration applications. A security vulnerability in XWiki Platform versions 15.3-rc-1 through 15.10.14 prior, 16.0.0-rc-1 through 16.4.6 prior, and 16.5.0-rc-1 through 16.10.0-rc-1 prior, stems from an improperly...

CVSS 9.8 | AI score 6.6 | EPSS 0.0048
Exploits: 0 | References: 3

Github Security Blog
added 2025/04/01 12:30 a.m. | 13 views

Drupal Authenticator Login Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...

CVSS 9.8 | AI score 7.1 | EPSS 0.00373
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/04/01 12:30 a.m. | 5 views

GHSA-JWPX-6C4P-Q4JQ Drupal Authenticator Login Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...

CVSS 9.8 | AI score 7.1 | EPSS 0.00373
Exploits: 0 | References: 3

OSV
added 2025/03/31 10:15 p.m. | 4 views

CVE-2025-31681

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...

CVSS 9.8 | AI score 5.8 | EPSS 0.00373
Exploits: 0 | References: 1

NVD
added 2025/03/31 10:15 p.m. | 11 views

CVE-2025-31681

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...

CVSS 9.8 | EPSS 0.00373
Exploits: 0 | References: 1

Cvelist
added 2025/03/31 9:39 p.m. | 14 views

CVE-2025-31681 Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...

EPSS 0.00373
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/31 9:39 p.m. | 11 views

CVE-2025-31681 Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6...

AI score 9.5 | EPSS 0.00373
Exploits: 0 | References: 1

CVE
added 2025/03/31 9:39 p.m. | 72 views

CVE-2025-31681

The CVE-2025-31681 entry covers Drupal Authenticator Login (versions 0.0.0 through 2.0.5) with a Missing Authorization vulnerability that enables Forceful Browsing. Affected component is the Drupal Authenticator Login module; root cause is lack of proper authorization checks when accessing user-p...

CVSS 9.8 | AI score 6.6 | EPSS 0.00373
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/03/31 12:00 a.m. | 4 views

PT-2025-13845 · Drupal · Drupal Authenticator Login

Name of the Vulnerable Software and Affected Versions: Drupal Authenticator Login versions 0.0.0 through 2.0.5. Description: The issue is related to a Missing Authorization vulnerability in Drupal Authenticator Login, which allows Forceful Browsing. Recommendations: For versions 0.0.0 through 2.0....

CVSS 9.8 | AI score 6.3 | EPSS 0.00373
Exploits: 0 | References: 7

CNNVD
added 2025/03/31 12:00 a.m. | 1 views

Drupal Authenticator Login security vulnerability

Drupal Authenticator Login is a Drupal community authentication login module or feature for Drupal. A security vulnerability exists in Drupal Authenticator Login versions prior to 2.0.6, which stems from a lack of authorization and could lead to forced browsing...

CVSS 9.8 | AI score 6.6 | EPSS 0.00373
Exploits: 0 | References: 2

OSV
added 2025/03/24 4:15 p.m. | 1 views

CVE-2021-26091

A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users' authentication tokens and reset thei...

CVSS 7.5 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/07 12:00 a.m. | 27 views

Fortinet Fortigate RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...

CVSS 9 | AI score 8 | EPSS 0.14859
Exploits: 2 | References: 4

Tenable Nessus
added 2025/03/07 12:00 a.m. | 14 views

Fortinet FortiWeb RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...

CVSS 9 | AI score 8 | EPSS 0.14859
Exploits: 2 | References: 4

Github Security Blog
added 2025/02/25 5:48 p.m. | 18 views

LTI JupyterHub Authenticator does not properly validate JWT Signature

Impact: Only users that have configured a JupyterHub installation to use the authenticator class LTI13Authenticator are influenced. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to...

CVSS 10 | AI score 7 | EPSS 0.00328
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/02/25 5:48 p.m. | 11 views

GHSA-MCGX-2GCR-P3HP LTI JupyterHub Authenticator does not properly validate JWT Signature

Impact: Only users that have configured a JupyterHub installation to use the authenticator class LTI13Authenticator are influenced. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to...

CVSS 10 | AI score 6.9 | EPSS 0.00328
Exploits: 0 | References: 6

Snyk
added 2025/02/25 3:41 p.m. | 4 views

Improper Verification of Cryptographic Signature

Overview: jupyterhub-ltiauthenticator is a JupyterHub authenticator implementing LTI v1.1 and LTI v1.3. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the jwtverifyanddecode function, in the form of improper validation of JWT signatures. An...

CVSS 10 | AI score 6.9 | EPSS 0.00328
Exploits: 0 | References: 2

NVD
added 2025/02/25 3:15 p.m. | 15 views

CVE-2023-25574

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10 | EPSS 0.00328
Exploits: 0 | References: 3

OSV
added 2025/02/25 3:15 p.m. | 3 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 9.8 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 3

OSV
added 2025/02/19 11:24 a.m. | 4 views

CLSA-2025-1739962899 krb5: Fix of CVE-2024-3596

CVE-2024-3596: implement support for Message-Authenticator in libkrad...

CVSS 9 | AI score 7.3 | EPSS 0.14859
Exploits: 2 | References: 1