Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost 10.11.x versions up to and including 10.11.3, 10.5.x versions up to and including 10.5.11, and 10.12.x versions up to and including 10.12.0. The vulnerability stems from an unvalidated post upda...
GitLab Enterprise Edition security vulnerability
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition. An attacker can exploit the vulnerability to take over an account by compromising the OAuth process. The following versions are affected:...
LinkedIn: Forced OAuth authorization using button ID in hash and holding space
The vulnerability allowed attackers to conduct a social engineering attack to trick users into authorizing a third-party app to bind to their LinkedIn account without explicit consent. The attack exploited the OAuth process by using a button ID in the hash and requiring the user to press and hold...
next-auth security vulnerability
next-auth is the complete open source authentication solution for Next.js applications. A security vulnerability exists in versions of next-auth prior to 4.24.5, which stems from an attacker being able to obtain a NextAuth.js-issued JWT from an interrupted OAuth login process status, PKCE, or...
Shocking Findings from the 2023 Third-Party App Access Report
Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS third-party app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their...
Open Redirects
github.com/bitly/oauth2proxy is vulnerable to open redirect attacks. Attackers are able to redirect users to other domains during the OAuth process by appending // at the front of the URL...