27 matches found
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536
The CVE-2024-4536 issue affects Eclipse Dataspace Components (EDC) Connector versions 0.2.1–0.6.2. A security flaw in the OAuth2-protected data sink feature allows the consumer-provided clientSecretKey to be resolved in the provider vault instead of the consumer vault, causing the secret to be ex...
Eclipse Dataspace Components 安全漏洞
Eclipse Dataspace Components is a development connector for Eclipse Dataspace Components open source. A security vulnerability exists in Eclipse Dataspace Components versions 0.2.1 through 0.6.2. An attacker exploiting this vulnerability could obtain OAuth2 client secrets from the repository...
PT-2024-31579 · Eclipse · Eclipse Dataspace Components
Name of the Vulnerable Software and Affected Versions: Eclipse Dataspace Components versions 0.2.1 through 0.6.2 Description: A security issue has been identified in the EDC Connector component of Eclipse Dataspace Components, related to the OAuth2-protected data sink feature. When using a custom...