6 matches found
Spring Security OAuth - Open Redirector Vulnerability
Exploit for java platform in category web applications Exploit Title: Open Redirector in spring-security-oauth2 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
Spring Security OAuth - Open Redirector
Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
Spring Security OAuth - Open Redirector
Spring Security OAuth - Open Redirector Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +11 more potentially affected by CVE-2019-11269 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.17.RELEASE)
org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =1.4.3, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-11269 Source advisory: OSV:GHSA-MMF6-6597-3V6M...
CVE-2019-11269
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
CVE-2019-11269
CVE-2019-11269 affects Spring Security OAuth; an open-redirect at the authorization endpoint (redirect_uri) can leak the authorization code. Affected versions: 2.3 before 2.3.6, 2.2 before 2.2.5, 2.1 before 2.1.5, 2.0 before 2.0.18, and older unsupported versions. Attack requires a crafted reques...