21 matches found
User Impersonation
Overview: n8n is an n8n Workflow Automation Tool. Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including administrative accounts, by setting their...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including administrative accounts, by setting their LDAP email attribute to match the...
User Impersonation
Overview: @n8n/rest-api-client is a package that contains the REST API calls for n8n. Affected versions of this package are vulnerable to User Impersonation in the account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including...
n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
Impact: When LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email ...
GHSA-C545-X2RH-82FC n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
Impact: When LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email ...
CVE-2026-33665
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...
CVE-2026-33665 n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...
CVE-2026-33665 n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...
CVE-2026-33665 n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...
CVE-2026-33665
n8n LDAP email-based account linking vulnerability (CVE-2026-33665) affects n8n Open Source Workflow Automation Platform prior to versions 2.4.0 and 1.121.0. When LDAP authentication is enabled, the system automatically linked an LDAP identity to an existing local account if the LDAP email attrib...
EUVD-2024-0260
Malicious code in bioql PyPI...
GHSA-5G66-628F-7CVJ Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary: The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary: The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary: The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
CVE-2024-21632
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
Information disclosure
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
Microsoft Azure AD flaw can lead to account takeover
Researchers have found that a flaw in Microsoft Azure AD can be used by attackers to take over accounts that rely on pre-established trust. In a nutshell, Microsoft Azure AD allows you to change the email address associated with an account without verification of whether you are in control of tha...
Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubb...