Lucene search
+L

13463 matches found

OSV
OSV
added 2026/07/07 3:26 p.m.6 views

GO-2026-5908 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass in github.com/coder/coder

Coder vulnerable to OIDC account takeover via email-based user matching and emailverified bypass in github.com/coder/coder...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5853 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio

Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio...

5.9AI score
Exploits0References1
Veracode
Veracode
added 2026/07/07 10:5 a.m.8 views

Authentication Bypass

Coder is vulnerable to an authentication bypass. The vulnerability is due to improper validation of the emailverified claim in the OIDC callback and an unconditional email-based account fallback, which allows an attacker to take over accounts by supplying a non-boolean or missing emailverified...

7.4CVSS6AI score0.00479EPSS
Exploits0References12Affected Software2
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-59713

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS0.00153EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 8:52 p.m.5 views

GHSA-9R87-MVCW-X35F Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass

Summary Two flaws in Coder's OIDC login chained into account takeover: email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the emailverified claim was only enforced when present as a boolean false so an absent or non-boolean...

7.4CVSS6AI score0.00479EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/06 8:52 p.m.7 views

Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass

Summary Two flaws in Coder's OIDC login chained into account takeover: email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the emailverified claim was only enforced when present as a boolean false so an absent or non-boolean...

7.4CVSS6AI score0.00479EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 8:50 p.m.5 views

GHSA-75VM-6W67-GWVP Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 8:50 p.m.7 views

Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:36 p.m.35 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS0.00153EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:36 p.m.4 views

CVE-2026-59713

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 8:36 p.m.6 views

EUVD-2026-41941

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 8:36 p.m.17 views

CVE-2026-59713

CVE-2026-59713 (Leantime) describes an OIDC login CSRF vulnerability in the verifyState() method, where the function unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs with attacker-controlled authorization codes to perform ses...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 8:36 p.m.4 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/07/06 8:36 p.m.9 views

CVE-2026-59713 Leantime - OIDC Login CSRF via Unconditional State Verification Stub

Leantime contains an OIDC login CSRF vulnerability in the verifyState method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the...

8.6CVSS6AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-56066

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists in the OIDC callback where the email verified claim is checked using a direct Go bool type...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56015

Name of the Vulnerable Software and Affected Versions Leantime affected versions not specified Description An OIDC login CSRF issue exists in the verifyState function, which unconditionally returns true without validating state parameters. This allows attackers to craft malicious callback URLs...

8.6CVSS6.1AI score0.00153EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56065

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description Two flaws in the OIDC login process allow for account takeover. The first issue occurs when email-based us...

7.4CVSS6AI score0.00479EPSS
Exploits0References14
EUVD
EUVD
added 2026/07/05 6:55 a.m.11 views

EUVD-2026-41732

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/05 6:55 a.m.39 views

CVE-2026-14781 Keycloak-services: keycloak-services: oidc email_verified claim incorrectly applied to userinfo email

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/07/05 6:55 a.m.24 views

CVE-2026-14781

A flaw in Keycloak’s OIDC broker (org.keycloak.broker.oidc) causes incorrect synchronization of the email_verified claim. When trustEmail=true and the userinfo endpoint is enabled, Keycloak uses email from userinfo but takes email_verified from the id_token without validating that it corresponds ...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
Rows per page
Query Builder