13 matches found
Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data
Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...
RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0560 advisory. - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)
Summary Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass, caused by no PKCE support implemented. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by ...
Security Bulletin: Upgrade javaenv:2.2 to address Gradle oauth authentication concerns.
Summary The version of Gradle shipped in the Fabric java chaincode environment image version 2.2. javaenv.2.2 depends on a vulnerable version of the google ouatth client. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to...
Security Bulletin: a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692.
Summary This fix is a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Spectrum LSF| 10.1...
CVE-2020-7692
creationtimestamp| type| source ---|---|--- 2020-10-04 12:46:13+00:00| seen| https://t.me/VulnerabilityNews/17424...
Authorization
DISPUTED oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
CVE-2020-7692 affects the Google OAuth Client Library for Java (com.google.oauth-client:google-oauth-client) prior to 1.31.0. The issue is that PKCE is not implemented per OAuth 2.0 RFC for native apps, meaning an authorization code could be intercepted by a malicious app and used to gain access ...
ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3), ai.h2o:h2o-persist-gcs (>=3.20.0.1 <=3.32.1.5) +1916 more potentially affected by CVE-2020-7692 via com.google.oauth-client:google-oauth-client (>=1.10.0-beta <=1.30.6)
com.google.oauth-client:google-oauth-client MAVEN version =1.10.0-beta, =1.4.2, =3.20.0.1, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =0.1.2, =19.9.0, =19.9.0, =19.9.0, =19.9.1, =19.9.0, =20.3.2-2 and more Source cves: CVE-2020-7692 Source advisory:...