4 matches found
Information disclosure
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...
CVE-2022-31186 Leakage of excessive information into log in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...
CVE-2022-31186
Summary of CVE-2022-31186 : A information-disclosure vulnerability affects NextAuth.js (Next.js authentication solution). The issue allows an attacker with log access to obtain sensitive data (e.g., an identity provider’s secret) that is inadvertently logged during OAuth error handling. This appl...
CVE-2022-31186 Leakage of excessive information into log in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...