Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 6:7 p.m.43 views

Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data

Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...

9.1CVSS8.1AI score0.01587EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/23 12:0 a.m.38 views

RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

9.9CVSS8AI score0.99615EPSS
Exploits11References56
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.44 views

RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0560 advisory. - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper...

9.9CVSS6.8AI score0.05563EPSS
Exploits4References49
RedHat Linux
RedHat Linux
added 2023/05/24 5:13 p.m.72 views

Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.1AI score0.99931EPSS
Exploits52References18
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/04 10:25 p.m.35 views

Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)

Summary Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass, caused by no PKCE support implemented. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by ...

9.1CVSS2.7AI score0.01587EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/03 4:1 p.m.41 views

Security Bulletin: Upgrade javaenv:2.2 to address Gradle oauth authentication concerns.

Summary The version of Gradle shipped in the Fabric java chaincode environment image version 2.2. javaenv.2.2 depends on a vulnerable version of the google ouatth client. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to...

9.1CVSS0.7AI score0.01587EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/19 1:47 a.m.35 views

Security Bulletin: a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692.

Summary This fix is a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Spectrum LSF| 10.1...

9.1CVSS2.1AI score0.01587EPSS
Exploits1Affected Software1
Circl
Circl
added 2020/10/04 12:46 p.m.6 views

CVE-2020-7692

creationtimestamp| type| source ---|---|--- 2020-10-04 12:46:13+00:00| seen| https://t.me/VulnerabilityNews/17424...

9.1CVSS7.7AI score0.01587EPSS
Exploits1References1
Prion
Prion
added 2020/10/04 5:15 a.m.27 views

Authorization

DISPUTED oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid...

5CVSS8.4AI score0.0219EPSS
Exploits2References5Affected Software1
NVD
NVD
added 2020/07/09 2:15 p.m.27 views

CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS0.01587EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2020/07/09 2:15 p.m.32 views

CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS7.2AI score0.01587EPSS
Exploits1References6
CVE
CVE
added 2020/07/09 1:20 p.m.319 views

CVE-2020-7692

CVE-2020-7692 affects the Google OAuth Client Library for Java (com.google.oauth-client:google-oauth-client) prior to 1.31.0. The issue is that PKCE is not implemented per OAuth 2.0 RFC for native apps, meaning an authorization code could be intercepted by a malicious app and used to gain access ...

9.1CVSS8.4AI score0.01587EPSS
Exploits1References7Affected Software1
vulnersOsv
vulnersOsv
added 2020/07/03 12:1 p.m.6 views

ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3), ai.h2o:h2o-persist-gcs (>=3.20.0.1 <=3.32.1.5) +1916 more potentially affected by CVE-2020-7692 via com.google.oauth-client:google-oauth-client (>=1.10.0-beta <=1.30.6)

com.google.oauth-client:google-oauth-client MAVEN version =1.10.0-beta, =1.4.2, =3.20.0.1, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =3.30.0.5-1-3.0, =2.1.44, =0.1.2, =19.9.0, =19.9.0, =19.9.0, =19.9.1, =19.9.0, =20.3.2-2 and more Source cves: CVE-2020-7692 Source advisory:...

9.1CVSS7.1AI score0.01587EPSS
Exploits1
Rows per page
Query Builder