5 matches found

Source: Vulnrichment · added 2024/04/08 2:26 p.m. · 10 views

CVE-2024-31205 Saleor CSRF bypass in refreshToken mutation

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refreshToken mutation with an empty string. When a user provides an empty string...

CVSS 4.2 · AI score 7.2 · EPSS 0.00193
Exploits 0 · References 2
Source: Cvelist · added 2024/04/08 2:26 p.m. · 33 views

CVE-2024-31205 Saleor CSRF bypass in refreshToken mutation

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refreshToken mutation with an empty string. When a user provides an empty string...

CVSS 4.2 · AI score 4.9 · EPSS 0.00193
Exploits 0 · References 2
Source: Vulnrichment · added 2023/01/11 7:42 p.m. · 6 views

CVE-2023-22492 RefreshToken invalidation vulnerability

ZITADEL is a combination of Auth0 and Keycloak. Refresh tokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without interacting with a UI. Refresh tokens were not invalidated when a user was locked or deactivated. The...

CVSS 5.9 · AI score 5.9 · EPSS 0.00599
Exploits 0 · References 3
Source: Github Security Blog · added 2023/01/11 6:27 p.m. · 48 views

Zitadel RefreshToken invalidation vulnerability

Impact: Refresh tokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without interacting with a UI. Refresh tokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...

CVSS 5.9 · AI score 5.6 · EPSS 0.00599
Exploits 0 · References 7 · Affected Software 1
Source: Veracode · added 2020/09/16 7:02 a.m. · 12 views

Insecure Authentication

authmagic-timerange-stateless-core uses insecure authentication. When comparing signatures in the JSON Web Token (JWT) and refreshToken, the package does not verify the JWT sent by the user before reissuing a new token, allowing an attacker to forge a user's identity by modifying the payload and...

AI score 2.2
Exploits 0