Lucene search
K

43 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

8.1CVSS0.00172EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

0.00172EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41687

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9AI score0.00172EPSS
Exploits0References4
CVE
CVE
added 4 days ago15 views

CVE-2026-12746

CVE-2026-12746 affects Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 (Perl). The underlying issue is that the OAuth 2.0 state parameter is not supported, causing the authentication_url to redirect without a state value and the callback to process the response without binding it to t...

8.1CVSS5.9AI score0.00186EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 12:25 p.m.13 views

CVE-2026-56425

CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.10 views

CVE-2026-42565

@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/12 3:34 p.m.9 views

OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback --- Description The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

6.5CVSS5.9AI score0.00219EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/11 9:11 p.m.36 views

CVE-2026-44695 Outline: Slack OAuth state can link a victim Outline account to an attacker Slack identity

Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A third party who can obtain a Slack OAuth code for the same Outline Slack client can make a...

5.8CVSS0.00125EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 9:11 p.m.18 views

CVE-2026-44695

Summary: CVE-2026-44695 affects Outline before version 1.7.1. The Slack OAuth flow for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. If an attacker can obtain a Slack OAuth code for the same Outline Slack client, they can cause a logged-in Outline user to comple...

6.5CVSS5.9AI score0.00125EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/04/18 3:34 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview apache-airflow-providers-keycloak is a Provider package apache-airflow-providers-keycloak for Apache Airflow Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the login authentication process due to missing generation and validation of the OAuth 2.0...

5.4CVSS5.8AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/04/18 2:16 p.m.5 views

CVE-2026-40948

The Keycloak authentication manager in apache-airflow-providers-keycloak did not generate or validate the OAuth 2.0 state parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's...

5.4CVSS0.00328EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/03 9:31 p.m.7 views

Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it...

6CVSS5.9AI score0.00238EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 8:45 p.m.2 views

CVE-2026-34511 OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:45 p.m.3 views

CVE-2026-34511

OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...

6CVSS6AI score0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28477 OpenClaw < 2026.2.14 - OAuth State Validation Bypass in Manual Chutes Login Flow

OpenClaw versions prior to 2026.2.14 contain an oauth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

5.9CVSS6AI score0.00133EPSS
Exploits0References5
OSV
OSV
added 2026/03/03 12:39 a.m.4 views

GHSA-6G25-PC82-VFWP OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state

Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE codeverifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...

5.1CVSS5.9AI score0.00459EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 12:39 a.m.7 views

OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state

Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE codeverifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...

5.9AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/20 8:14 p.m.8 views

CVE-2025-68481

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

5.9CVSS6.9AI score0.00222EPSS
Exploits1References1
NVD
NVD
added 2025/12/19 9:15 p.m.11 views

CVE-2025-68481

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...

8.8CVSS0.00222EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/12/19 9:10 p.m.11 views

FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

Description The OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. generatestatetoken is always called with an empty statedata dict, so the resulting JWT only contains the fixed audience...

8.8CVSS6.9AI score0.00222EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder