42 matches found
CVE-2023-40545
Authentication bypass when an OAuth2 Client is using clientsecretjwt as its authentication method on affected 11.3 versions via specially crafted requests...
EUVD-2019-6216
Malware in sbrugna...
EUVD-2025-9041
Malicious code in bioql PyPI...
EUVD-2024-1371
Malicious code in bioql PyPI...
EUVD-2023-45116
Malicious code in bioql PyPI...
CVE-2024-52519
Nextcloud Server is a self-hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker who got access to a backup of the database and the Nextcloud config file would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2019-15150
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function...
Drupal OAuth2 Client Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery. This issue affects OAuth2 Client: from 0.0.0 before 4.1.3...
GHSA-6CHF-HHQF-749C Drupal OAuth2 Client Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery. This issue affects OAuth2 Client: from 0.0.0 before 4.1.3...
CVE-2025-31684
Cross-Site Request Forgery CSRF vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery. This issue affects OAuth2 Client: from 0.0.0 before 4.1.3...
CVE-2025-31684
CVE-2025-31684 affects Drupal OAuth2 Client (versions 0.0.0 through 4.1.2). The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the OAuth2 Client module that can enable unauthorized actions on behalf of a user. According to CVSS data, impact includes high integrity and availability ...
CVE-2025-31684 OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013
Cross-Site Request Forgery CSRF vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery. This issue affects OAuth2 Client: from 0.0.0 before 4.1.3...
PT-2025-13848 · Drupal · Drupal Oauth2 Client
Name of the Vulnerable Software and Affected Versions: Drupal OAuth2 Client versions 0.0.0 through 4.1.2. Description: A Cross-Site Request Forgery CSRF issue affects the Drupal OAuth2 Client, allowing unauthorized actions to be performed on behalf of the user. This issue may be exploited by an...
OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013
This module enables a developer to create dedicated OAuth2 clients for connecting to external APIs and other OAuth protected resources. The module does not use Cross Site Request Forgery CSRF tokens to protect routes for enabling a client. This vulnerability is mitigated by the fact that an...
This Week in Spring - December 10th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am in the southern hemisphere (it's summer down here!), in Brisbane, waiting to board a plane for Sydney. It's been a ton of fun! I did a video looking at the latest-and-greatest in Spring Framework 6.2 - chec...
PT-2024-9158 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 and prior to 29.0.7; Nextcloud Enterprise Server versions prior to 27.1.11.8, prior to 28.0.10, and prior to 29.0.7. Description: The issue is related to the insecure storage of confidential informatio...
CVE-2024-4536
The CVE-2024-4536 issue affects Eclipse Dataspace Components (EDC) Connector versions 0.2.1–0.6.2. A security flaw in the OAuth2-protected data sink feature allows the consumer-provided clientSecretKey to be resolved in the provider vault instead of the consumer vault, causing the secret to be ex...