Lucene search
K

153 matches found

CNNVD
CNNVD
added 2021/08/05 12:0 a.m.5 views

Mattermost Server 跨站脚本漏洞

Mattermost Server is an open source messaging platform from Mattermost, Inc. A cross-site scripting vulnerability exists in Mattermost Server, which stems from the lack of proper authentication of client-side data in OAuth-enabled Mattermost instances, and could be exploited to lure users into...

7.1CVSS5.2AI score0.03288EPSS
Exploits0References1
OSV
OSV
added 2021/06/08 7:15 p.m.2 views

UBUNTU-CVE-2021-22213

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari...

8.8CVSS5.7AI score0.01668EPSS
Exploits0References2
OSV
OSV
added 2021/02/23 6:15 p.m.16 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...

9.1CVSS6.8AI score0.02222EPSS
Exploits1References3
CVE
CVE
added 2021/02/23 5:58 p.m.81 views

CVE-2021-27582

MITREid Connect OpenID Connect server (MITREid Connect) before 1.3.3 is affected by a Mass Assignment (Autobinding) vulnerability in OAuthConfirmationController.java. The issue arises from unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, allowing HTTP request pa...

9.1CVSS9.1AI score0.02222EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2020/09/14 7:15 p.m.5 views

UBUNTU-CVE-2020-13300

GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow...

10CVSS7.3AI score0.01292EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/09/14 12:0 a.m.7 views

PT-2020-13441 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.3 through 13.3.3 Description: The issue concerns an OAuth authorization scope change without user consent in the middle of the authorization flow. Recommendations: For GitLab CE/EE versions 13.3 through 13.3.3, update...

10CVSS9.2AI score0.01292EPSS
Exploits0References11
OSV
OSV
added 2020/04/22 2:15 p.m.2 views

CVE-2020-11691

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible...

7.5CVSS7.1AI score0.00872EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/07/08 12:0 a.m.9 views

PT-2019-5406 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7, openshift-enterprise-3.9 through 3.11 Description: A reflected XSS issue exists in the authorization flow, allowing an attacker to steal...

5.4CVSS4.4AI score0.00876EPSS
Exploits0References8
RubySec
RubySec
added 2019/03/25 12:0 a.m.29 views

Doorkeeper::OpenidConnect Open Redirect

Doorkeeper::OpenidConnect aka the OpenID Connect extension for Doorkeeper 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirecturi field in an OAuth authorization request that results in an error response with the 'openid' scope and a prompt=none value. This allows phishing attacks...

6.1CVSS6.8AI score0.01349EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/03/21 4:1 p.m.7 views

CVE-2019-9837

Doorkeeper::OpenidConnect aka the OpenID Connect extension for Doorkeeper 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirecturi field in an OAuth authorization request that results in an error response with the 'openid' scope and a prompt=none value. This allows phishing attacks...

6.1CVSS6.3AI score0.01349EPSS
Exploits0References3
CVE
CVE
added 2019/03/15 11:0 p.m.72 views

CVE-2019-9837

The CVE-2019-9837 issue affects Doorkeeper::OpenidConnect (OpenID Connect extension for Doorkeeper) versions 1.4.x and 1.5.x prior to 1.5.4. An open redirect can occur via the redirect_uri field in an OAuth authorization request when the request includes the 'openid' scope and prompt=none, potent...

6.1CVSS6.1AI score0.01349EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2018/10/17 7:28 p.m.6 views

spring-security-oauth: remote code execution in the authorization process

Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lea...

9.8CVSS8AI score0.08352EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2015/08/12 5:4 a.m.6 views

python-oauth2: Uses poor PRNG in nonce

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

5.8CVSS5.7AI score0.0243EPSS
Exploits0References4
Rows per page
Query Builder