2357 matches found

RedhatCVE
added 2022/05/20 11:30 p.m., 15 views

CVE-2019-7313

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

CVSS 6.1, AI score 3.6, EPSS 0.00224
Exploits: 1, References: 1
Github Security Blog
added 2022/05/17 5:18 a.m., 25 views

Improper Control of Generation of Code in Spring Security

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...

CVSS 4.3, AI score 5, EPSS 0.07155
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2022/05/17 2:53 a.m., 15 views

GHSA-J6JQ-3Q8P-XGG6 Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...

CVSS 6.1, AI score 6.2, EPSS 0.00272
Exploits: 0, References: 6
Github Security Blog
added 2022/05/17 2:53 a.m., 19 views

Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...

CVSS 6.1, AI score 6.8, EPSS 0.00272
Exploits: 0, References: 6, Affected Software: 1
Github Security Blog
added 2022/05/17 2:36 a.m., 27 views

phpMyAdmin Bypass logout timeout

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

CVSS 5.3, AI score 7, EPSS 0.00241
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2022/05/17 2:36 a.m., 19 views

GHSA-R2VW-P77F-VC27 phpMyAdmin Bypass logout timeout

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions prior to 4.6.5, and 4.4.x versions prior to 4.4.15.9 are affected...

CVSS 5.3, AI score 5.2, EPSS 0.00241
Exploits: 0, References: 5
OSV
added 2022/05/17 12:00 a.m., 1 view

GHSA-PGXH-WFW4-JX2V Django denial of service via empty session record creation

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...

CVSS 8.7, AI score 6.8, EPSS 0.07079
Exploits: 0, References: 21
Oracle linux
added 2022/05/17 12:00 a.m., 29 views

mod_auth_mellon security update

0.14.0-12.1 - Resolves: rhbz1986805 - CVE-2021-3639 mod_auth_mellon: Open Redirect vulnerability in logout URLs rhel-8...

CVSS 6.1, AI score 1.8, EPSS 0.00503
Exploits: 0
Github Security Blog
added 2022/05/14 1:36 a.m., 11 views

Buildbot CRLF Injection

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

CVSS 6.1, AI score 7.3, EPSS 0.00224
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2022/05/14 1:36 a.m., 10 views

GHSA-66X7-2R56-FJ77 Buildbot CRLF Injection

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

CVSS 6.1, AI score 6.2, EPSS 0.00224
Exploits: 1, References: 6
Github Security Blog
added 2022/05/14 1:14 a.m., 20 views

Symfony CSRF Token Fixation

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...

CVSS 8.8, AI score 6.9, EPSS 0.00184
Exploits: 0, References: 13, Affected Software: 4
OSV
added 2022/05/13 1:34 a.m., 3 views

GHSA-3QH2-MCCC-Q5M6 Keycloak Open Redirect

A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...

CVSS 6.1, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 5
Github Security Blog
added 2022/05/13 1:13 a.m., 35 views

Moodle Allows Unauthenticated Dropbox Access

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout...

CVSS 6.5, AI score 6.8, EPSS 0.00498
Exploits: 0, References: 10, Affected Software: 1
Github Security Blog
added 2022/05/13 1:12 a.m., 18 views

Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

CVSS 6.8, AI score 7.4, EPSS 0.00126
Exploits: 0, References: 9, Affected Software: 1
OSV
added 2022/05/13 1:12 a.m., 17 views

GHSA-5JPH-MVFM-R27P Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

CVSS 6.8, AI score 6.8, EPSS 0.00126
Exploits: 0, References: 9
Github Security Blog
added 2022/05/13 1:10 a.m., 23 views

Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint

An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request...

CVSS 6.1, AI score 5.8, EPSS 0.00217
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2022/05/10 2:02 p.m., 3 views

mod_auth_mellon: Open Redirect vulnerability in logout URLs

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

CVSS 6.1, AI score 5.7, EPSS 0.00503
Exploits: 0, References: 4
RedHat Linux
added 2022/05/10 1:45 p.m., 3 views

gnome-shell: Password from logged-out user may be shown on login screen

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visibl...

CVSS 4.3, AI score 5.8, EPSS 0.00142
Exploits: 1, References: 4
CNVD
added 2022/05/07 12:00 a.m., 7 views

IBM Cloud Pak for Business Automation access control error vulnerability

IBM Cloud Pak for Business Automation is a set of modular, integrated software components from International Business Machines Corporation (IBM) built for any hybrid cloud, designed to automate work and accelerate business growth. IBM Cloud Pak for Business Automation is vulnerable to an access...

CVSS 6.8, AI score 2.2, EPSS 0.00049
Exploits: 0, References: 1
CNNVD
added 2022/05/02 12:00 a.m., 4 views

IBM Cloud Pak for Business Automation security vulnerability

IBM Cloud Pak for Business Automation is a set of modular, integrated software components from International Business Machines Corporation (IBM) built for any hybrid cloud, designed to automate work and accelerate business growth. IBM Cloud Pak for Business Automation is vulnerable to an access...

CVSS 6.8, AI score 5.6, EPSS 0.00049
Exploits: 0, References: 3