Lucene search
K

7 matches found

Veracode
Veracode
added 2025/02/24 6:26 a.m.7 views

Race Condition

Duende.AccessTokenManagement is vulnerable to a Race condition. The vulnerability is due to improper synchronization in access token retrieval, allowing an attacker to obtain a token with incorrect scopes or resource indicators, potentially leading to unauthorized access...

6.3CVSS6.5AI score0.00362EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/02/19 5:47 p.m.6 views

GHSA-QXJ7-2X7W-3MPP Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens

Summary Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protocol parameters can return access tokens obtained with the wrong scope, resource indicator, or other...

6.3CVSS6.5AI score0.00362EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/18 5:36 p.m.11 views

CVE-2025-26620 Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...

6.3CVSS7AI score0.00362EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/18 5:36 p.m.53 views

CVE-2025-26620 Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...

6.3CVSS0.00362EPSS
Exploits0References2
NVD
NVD
added 2024/11/08 12:15 a.m.20 views

CVE-2024-51987

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

5.4CVSS0.00221EPSS
Exploits0References1
CVE
CVE
added 2024/11/07 11:36 p.m.90 views

CVE-2024-51987

The CVE-2024-51987 issue affects Duende.AccessTokenManagement.OpenIdConnect, where HTTP clients created via AddUserAccessTokenHttpClient could emit a refreshed token associated with another user due to token capture in pooled HttpClient instances. Technical details across sources confirm the vuln...

5.4CVSS5.2AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/07 11:36 p.m.44 views

CVE-2024-51987 HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

5.4CVSS0.00221EPSS
Exploits0References1
Rows per page
Query Builder