Lucene search
+L

27 matches found

NVD
NVD
added 2024/05/07 1:15 p.m.55 views

CVE-2024-4536

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS6.6AI score0.00411EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/07 1:11 p.m.59 views

CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS6.8AI score0.00411EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/07 1:11 p.m.13 views

CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS7AI score0.00411EPSS
Exploits0References4
OSV
OSV
added 2024/05/07 1:11 p.m.19 views

CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS6.8AI score0.00411EPSS
Exploits0References7
CVE
CVE
added 2024/05/07 1:11 p.m.63 views

CVE-2024-4536

The CVE-2024-4536 issue affects Eclipse Dataspace Components (EDC) Connector versions 0.2.1–0.6.2. A security flaw in the OAuth2-protected data sink feature allows the consumer-provided clientSecretKey to be resolved in the provider vault instead of the consumer vault, causing the secret to be ex...

6.8CVSS6.8AI score0.00411EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.46 views

Eclipse Dataspace Components 安全漏洞

Eclipse Dataspace Components is a development connector for Eclipse Dataspace Components open source. A security vulnerability exists in Eclipse Dataspace Components versions 0.2.1 through 0.6.2. An attacker exploiting this vulnerability could obtain OAuth2 client secrets from the repository...

6.8CVSS6.4AI score0.00411EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.15 views

PT-2024-31579 · Eclipse · Eclipse Dataspace Components

Name of the Vulnerable Software and Affected Versions: Eclipse Dataspace Components versions 0.2.1 through 0.6.2 Description: A security issue has been identified in the EDC Connector component of Eclipse Dataspace Components, related to the OAuth2-protected data sink feature. When using a custom...

6.8CVSS6.7AI score0.00411EPSS
Exploits0References9
Rows per page
Query Builder