38 matches found

Prion
added 2023/01/13 6:15 a.m. · 23 views

Design/Logic Flaw

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...

CVSS 4.7 · AI score 6.2 · EPSS 0.00466
Exploits 0 · References 1
Cvelist
added 2023/01/11 8:44 p.m. · 30 views

CVE-2023-0091

A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...

AI score 4.2 · EPSS 0.00466
Exploits 0 · References 1
CVE
added 2023/01/11 8:44 p.m. · 236 views

CVE-2023-0091

CVE-2023-0091 is linked to Red Hat/SO, affecting Red Hat Single Sign-On (based on Keycloak). Description from RH advisories: the issue is that the Client Registration endpoint does not check token revocation in the client credential flow, enabling potential unauthorized access or modification of ...

CVSS 3.8 · AI score 3.7 · EPSS 0.00466
Exploits 0 · References 1 · Affected Software 1
Circl
added 2022/07/30 12:13 a.m. · 5 views

CVE-2022-27866

| creationtimestamp | type | source |
|---|---|---|
| 2022-07-30 00:13:56+00:00 | seen | https://t.me/cibsecurity/47299... |

CVSS 7.8 · AI score 7.5 · EPSS 0.00226
Exploits 0 · References 1
Github Security Blog
added 2022/05/13 1:10 a.m. · 19 views

Cloud Foundry UAA Denial of Service through client token revocation endpoint

An issue was discovered in Cloud Foundry Foundation cf-release all versions prior to v279 and UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other...

CVSS 5.3 · AI score 6.9 · EPSS 0.01086
Exploits 0 · References 10 · Affected Software 1
CNVD
added 2021/05/13 12:00 a.m. · 8 views

McAfee Total Protection Elevation of Privilege Vulnerability

McAfee Total Protection MTP is a one-stop security suite. An elevation of privilege vulnerability exists in McAfee Total Protection prior to version 16.0.32. An attacker could exploit this vulnerability to elevate privileges by emulating a client token...

CVSS 7.8 · AI score 6.8 · EPSS 0.00342
Exploits 0 · References 1
NVD
added 2021/05/12 9:15 a.m. · 16 views

CVE-2021-23891

Privilege Escalation vulnerability in McAfee Total Protection MTP prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense...

CVSS 7.8 · EPSS 0.00342
Exploits 0 · References 1
OSV
added 2021/05/12 9:15 a.m. · 2 views

CVE-2021-23891

Privilege Escalation vulnerability in McAfee Total Protection MTP prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense...

CVSS 7.8 · AI score 5.8 · EPSS 0.00342
Exploits 0 · References 1
Prion
added 2021/05/12 9:15 a.m. · 16 views

Privilege escalation

Privilege Escalation vulnerability in McAfee Total Protection MTP prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense...

CVSS 4.6 · AI score 7.5 · EPSS 0.00342
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2021/05/12 12:00 a.m. · 5 views

McAfee Total Protection Security Vulnerability

McAfee Total Protection MTP is a one-stop security suite. An elevation of privilege vulnerability exists in McAfee Total Protection prior to version 16.0.32. An attacker could exploit this vulnerability to elevate privileges by emulating a client token...

CVSS 7.8 · AI score 5.6 · EPSS 0.00342
Exploits 0 · References 1
CNNVD
added 2021/02/08 12:00 a.m. · 7 views

Privoxy Security Vulnerability

Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...

CVSS 7.8 · AI score 5.8 · EPSS 0.02147
Exploits 0 · References 9
NVD
added 2020/11/11 5:15 p.m. · 17 views

CVE-2020-5426

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 9.8 · AI score 8.9 · EPSS 0.00699
Exploits 0 · References 1
Prion
added 2020/11/11 5:15 p.m. · 22 views

Default configuration

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 4.3 · AI score 9.2 · EPSS 0.00699
Exploits 0 · References 1 · Affected Software 1
CVE
added 2020/11/11 5:05 p.m. · 45 views

CVE-2020-5426

CVE-2020-5426 affects the TAS Scheduler prior to version 1.4.0, which could transmit the UAA client token in plaintext over non-TLS connections. The risk is influenced by MySQL server configuration used to cache the token; interception could grant an attacker admin-level access in the cloud contr...

CVSS 9.8 · AI score 9.1 · EPSS 0.00699
Exploits 0 · References 1 · Affected Software 1
OSV
added 2019/07/02 8:15 p.m. · 3 views

CVE-2019-10136

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...

CVSS 4.3 · AI score 6.1 · EPSS 0.00575
Exploits 0 · References 2
NVD
added 2019/07/02 8:15 p.m. · 20 views

CVE-2019-10136

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...

CVSS 4.3 · AI score 4.4 · EPSS 0.00575
Exploits 0 · References 2
Cloud Foundry
added 2017/11/07 12:00 a.m. · 40 views

CVE-2017-8031: UAA Denial of Service through client token revocation endpoint | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: cf-release, all versions prior to v279; UAA 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1. Description: In some cases, the UAA allows an authenticated user for a particul...

CVSS 5.3 · AI score 5.1 · EPSS 0.01086
Exploits 0
Cvelist
added 2017/09/18 9:00 p.m. · 25 views

CVE-2016-10511

The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS ap...

AI score 5.5 · EPSS 0.00822
Exploits 1 · References 2