Lucene search
K

8 matches found

Veracode
Veracode
added 2025/05/08 8:58 a.m.17 views

PKCE Bypass

@cloudflare/workers-oauth-provider is vulnerable to PKCE bypass. The vulnerability is due to missing enforcement of PKCE verification caused by a flaw in the OAuth implementation that lets attackers skip the code challenge check, allowing an attacker to intercept and redeem authorization codes fo...

9.8CVSS6.7AI score0.00491EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/01 5:1 p.m.25 views

@cloudflare/workers-oauth-provider PKCE bypass via downgrade attack

Summary PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework. However, it was found that an attacker could cause the check to be skipped. Impact PKCE is a defense-in-depth mechanism against certain kinds of attacks and was an optional extension ...

9.8CVSS6.9AI score0.00491EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/05/01 5:1 p.m.10 views

GHSA-QGP8-V765-QXX9 @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack

Summary PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework. However, it was found that an attacker could cause the check to be skipped. Impact PKCE is a defense-in-depth mechanism against certain kinds of attacks and was an optional extension ...

5.3CVSS7.1AI score0.00491EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/01 3:31 a.m.15 views

Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...

9.8CVSS6.9AI score0.00491EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/05/01 3:31 a.m.10 views

GHSA-VH4H-FVQF-Q9WV Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qgp8-v765-qxx9. This link is maintained to preserve external references. Original Description PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework...

5.3CVSS6.9AI score0.00491EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/01 12:50 a.m.10 views

CVE-2025-4144 PKCE bypass via downgrade attack

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

5.3CVSS6.9AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/01 12:50 a.m.48 views

CVE-2025-4144 PKCE bypass via downgrade attack

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

5.3CVSS0.00491EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.6 views

PT-2025-18345 · Unknown · Workers-Oauth-Provider

Name of the Vulnerable Software and Affected Versions: workers-oauth-provider affected versions not specified Description: The issue is related to the OAuth implementation in workers-oauth-provider, part of the MCP framework. An attacker could cause the PKCE check to be skipped, completely...

9.8CVSS5.8AI score0.00491EPSS
Exploits0References11
Rows per page
Query Builder