14 matches found
EUVD-2020-1445
Malware in sbrugna...
Regression in JWT Signature Validation
Overview Versions after and including 2.3.0 are improperly validating the JWT token signature when using the JWTValidator.verify method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and...
GHSA-58R4-H6V8-JCVM Regression in JWT Signature Validation
Overview Versions after and including 2.3.0 are improperly validating the JWT token signature when using the JWTValidator.verify method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and...
Regression in JWT Signature Validation
Overview Versions after and including 2.3.0 are improperly validating the JWT token signature when using the JWTValidator.verify method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and...
Regression in JWT Signature Validation
Overview Affected versions of this package are vulnerable to Regression in JWT Signature Validation. It improperly validates the JWT token signature when using the jwtvalidator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and...
Authorization Bypass
omniauth-auth0 is vulnerable to authorization bypass. The vulnerability exists through a regression made in code that validates JWT token signatures, where it is possible to bypass authentication and authorization when the default Authorization Code Flow is not used...
CVE-2020-15240
omniauth-auth0 rubygems versions = 2.3.0 and 2.4.1 improperly validate the JWT token signature when using the jwtvalidator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all ...
CVE-2020-15240
omniauth-auth0 rubygems versions = 2.3.0 and 2.4.1 improperly validate the JWT token signature when using the jwtvalidator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all ...
CVE-2020-15240
omniauth-auth0 rubygems versions = 2.3.0 and 2.4.1 improperly validate the JWT token signature when using the jwtvalidator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all ...
Authorization
omniauth-auth0 rubygems versions = 2.3.0 and 2.4.1 improperly validate the JWT token signature when using the jwtvalidator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all ...
CVE-2020-15240 Regression in JWT Signature Validation
omniauth-auth0 rubygems versions = 2.3.0 and 2.4.1 improperly validate the JWT token signature when using the jwtvalidator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all ...
CVE-2020-15240
Summary: The vulnerability CVE-2020-15240 affects the Ruby gem omniauth-auth0 (versions >= 2.3.0 and
CVE-2020-15240
omniauth-auth0 rubygems versions = 2.3.0 and 2.4.1 improperly validate the JWT token signature when using the jwtvalidator.verify method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all ...
CVE-2018-8971
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users...