9 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-22258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.
Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...
cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.2.0.0 <=3.2.2.2), cn.herodotus.engine:oauth2-sdk-authentication (>=3.2.0.0 <=3.2.2.2) +13 more potentially affected by CVE-2024-22258 via org.springframework.security:spring-security-oauth2-authorization-server (>=1.2.0 <=1.2.2)
org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =1.2.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.0.0, =3.0.0, =2.0.0, =1.5.0, =2.0.0, =1.0.0-beta2, =3.2.0, =3.2.3 Source cves: CVE-2024-22258 Source advisory:...
cn.com.tltim.pigx:pigx-common-security (=5.0.0-20240820), cn.com.tltim.pigx:pigx-common-websocket (=5.0.0-20240820) +46 more potentially affected by CVE-2024-22258 via org.springframework.security:spring-security-oauth2-authorization-server (>=0.2.0 <=1.1.5)
org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =0.2.0, =0.0.1-alpha.1, =3.1.5.2, =2.7.7.3, =2.7.7.4, =2.7.0.0, =2.7.0.0, =2.7.1.2, =2.7.0.0, =3.0.6.4, =2023.0.0.2-alpha.1, =2023.0.0.2-alpha.2 - com.github.paganini2008.doodler:doodler-common-oauth =1.0.0-bet...
CVE-2024-22258
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
CVE-2024-22258
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
CVE-2024-22258 CVE-2024-22258: PKCE Downgrade in Spring Authorization Server
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
CVE-2024-22258 CVE-2024-22258: PKCE Downgrade in Spring Authorization Server
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...
CVE-2024-22258
CVE-2024-22258 affects Spring Authorization Server versions 1.0.0–1.0.5, 1.1.0–1.1.5, and 1.2.0–1.2.2 (and older unsupported) where confidential clients using PKCE with the Authorization Code Grant can be downgraded, potentially bypassing security restrictions. Public Clients using PKCE are not v...