4 matches found
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
CVE-2024-21632
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...