8 matches found
PKCE Bypass
@cloudflare/workers-oauth-provider is vulnerable to PKCE bypass. The vulnerability is due to missing enforcement of PKCE verification caused by a flaw in the OAuth implementation that lets attackers skip the code challenge check, allowing an attacker to intercept and redeem authorization codes fo...
@cloudflare/workers-oauth-provider PKCE bypass via downgrade attack
Summary PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework. However, it was found that an attacker could cause the check to be skipped. Impact PKCE is a defense-in-depth mechanism against certain kinds of attacks and was an optional extension ...
GHSA-QGP8-V765-QXX9 @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack
Summary PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework. However, it was found that an attacker could cause the check to be skipped. Impact PKCE is a defense-in-depth mechanism against certain kinds of attacks and was an optional extension ...
Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...
GHSA-VH4H-FVQF-Q9WV Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...
CVE-2025-4144 PKCE bypass via downgrade attack
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
CVE-2025-4144 PKCE bypass via downgrade attack
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
PT-2025-18345 · Unknown · Workers-Oauth-Provider
Name of the Vulnerable Software and Affected Versions: workers-oauth-provider affected versions not specified Description: The issue is related to the OAuth implementation in workers-oauth-provider, part of the MCP framework. An attacker could cause the PKCE check to be skipped, completely...