4 matches found
CVE-2023-22482
A flaw was found in ArgoCD. GitOps is vulnerable to an improper authorization bug where the API may accept invalid tokens. ID providers include an audience claim in signed tokens, which may be used to restrict which services can accept the token. ArgoCD doesn't properly validate the audience clai...
com.enonic.xp:lib-auth vulnerable to Session Fixation
Impact All id-providers using lib-auth login method. Patches https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842 https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4...
GHSA-4M5P-5W5W-3JCF com.enonic.xp:lib-auth vulnerable to Session Fixation
Impact All id-providers using lib-auth login method. Patches https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842 https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4...
CVE-2019-14407
cPanel before 78.0.2 reveals internal data to OpenID providers SEC-415...