7 matches found
EUVD-2024-1371
Malicious code in bioql PyPI...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component, an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536
The CVE-2024-4536 issue affects Eclipse Dataspace Components (EDC) Connector versions 0.2.1–0.6.2. A security flaw in the OAuth2-protected data sink feature allows the consumer-provided clientSecretKey to be resolved in the provider vault instead of the consumer vault, causing the secret to be ex...