4 matches found
CVE-2022-31186
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...
@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31186 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)
next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31186 Source advisory: OSV:GHSA-P6MM-27GQ-9V3P...
CVE-2022-31186
Summary of CVE-2022-31186 : A information-disclosure vulnerability affects NextAuth.js (Next.js authentication solution). The issue allows an attacker with log access to obtain sensitive data (e.g., an identity provider’s secret) that is inadvertently logged during OAuth error handling. This appl...
CVE-2022-31186 Leakage of excessive information into log in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...