Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.27 views

CVE-2022-31186

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

3.3CVSS6.5AI score0.00247EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/08/06 5:29 a.m.5 views

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31186 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31186 Source advisory: OSV:GHSA-P6MM-27GQ-9V3P...

3.3CVSS5.8AI score0.00247EPSS
Exploits0
CVE
CVE
added 2022/08/01 7:25 p.m.418 views

CVE-2022-31186

Summary of CVE-2022-31186 : A information-disclosure vulnerability affects NextAuth.js (Next.js authentication solution). The issue allows an attacker with log access to obtain sensitive data (e.g., an identity provider’s secret) that is inadvertently logged during OAuth error handling. This appl...

3.3CVSS3.5AI score0.00247EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/01 7:25 p.m.6 views

CVE-2022-31186 Leakage of excessive information into log in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

3.3CVSS3.6AI score0.00247EPSS
Exploits0References4
Rows per page
Query Builder