10 matches found
MISP ęęé®é¢ę¼ę“
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has an authorization vulnerability;...
CVE-2026-40574
CVE-2026-40574 affects OAuth2 Proxy. Affected: deployments using email_domain restrictions. Issue: authorization bypass where an attacker can use a malformed multi-@ email claim (e.g., [email protected]@company.com) to satisfy a company.com domain check, even though the claim is not a valid email...
CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...
CVE-2026-40574 OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the emaildomain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and...
PT-2026-33223
Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description An authorization bypass exists within the email domain enforcement option. An attacker can authenticate using a malformed email claim, such as [email protected]@company.com, to satisfy an allow...
CVE-2026-33175 OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...
Hail relies on OIDC email claims to verify the validity of a user's domain.
Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "[email protected]"...
GHSA-487P-QX68-5VJW Hail relies on OIDC email claims to verify the validity of a user's domain.
Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "[email protected]"...
Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory AD Open Authorization OAuth process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubb...