41 matches found
GHSA-VH7G-P26C-J2CW Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Impact Dex instances with public clients and by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the...
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Impact Dex instances with public clients and by extension, clients accepting tokens issued by those Dex instances are affected by this vulnerability. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the...
Shopify: Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account
A vulnerability was discovered in the Shop App's Microsoft Outlook OAuth flow, where a malicious app could intercept the authorization code during authentication due to the use of deep links. This could allow an attacker to gain access to the victim's emails. The issue was mitigated by implementi...
GHSA-2M7H-86QQ-FP4V Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
Impact All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
Impact All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
Impact All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows...
Code Injection
Overview oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid...
Code Injection in oauth2-server
"oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
JFrog < 6.23.0 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 6.23.0. It is, therefore, affected by multiple vulnerabilities: - The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation. CVE-2017-18640 - The file...
CVE-2017-18924
oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
CVE-2017-18924
oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
CVE-2017-18924
oauth2-server aka node-oauth2-server through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not...
CVE-2017-18924
CVE-2017-18924 concerns oauth2-server (node-oauth2-server) up to version 3.1.1, which implements OAuth 2.0 without PKCE. The description states it does not prevent authorization code injection, similar to CVE-2020-7692, and notes the vendor’s stance that RFC7636 is an extension and the RFC 6749 c...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
Improper Authorization
Google OAuth Client is vulnerable to improper authorization. Due to a flaw in implementation for Proof Key for Code Exchange PKCE, the code sent by authorization server is not properly handled to authorize the client that issued the initial authorization request, allowing an attacker with a...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692 Improper Authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
CVE-2020-7692
CVE-2020-7692 affects the Google OAuth Client Library for Java (com.google.oauth-client:google-oauth-client) prior to 1.31.0. The issue is that PKCE is not implemented per OAuth 2.0 RFC for native apps, meaning an authorization code could be intercepted by a malicious app and used to gain access ...