
Hacker One, added 2022/11/25 11:50 a.m., 26 views

Nextcloud: OAuth2 "authorization_code" is valid indefinitely

A security advisory reported that the OAuth2 endpoint was not following best practices, as the authorization code was generated without a timeout, allowing an attacker with access to obtain and redeem the code in the future...

CVSS 3.7, AI score 4.3, EPSS 0.00452, Exploits 0
OSV, added 2022/10/31 8:15 p.m., 28 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 8.1, AI score 8.8, EPSS 0.01011, Exploits 0, References 2
OSV, added 2022/06/29 2:15 p.m., 25 views

CVE-2020-26877

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...

CVSS 6.1, AI score 6.7, Exploits 0, References 3
NVD, added 2022/06/29 2:15 p.m., 27 views

CVE-2020-26877

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...

CVSS 6.1, EPSS 0.00661, Exploits 0, References 3
Prion, added 2022/06/29 2:15 p.m., 22 views

Authorization

ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect...

CVSS 5.8, AI score 6.4, EPSS 0.15621, Exploits 4, References 3, Affected Software 1
CVE, added 2022/06/29 1:15 p.m., 73 views

CVE-2020-26877

CVE-2020-26877 affects ApiFest OAuth 2.0 Server 0.3.1 and is caused by not validating the redirect_uri per RFC 6749, enabling an open redirect where an attacker-controlled redirect_uri can receive an authorization code. This is described as an open redirector vulnerability and is related to CVE-2...

CVSS 6.1, AI score 6.3, EPSS 0.00661, Exploits 0, References 3, Affected Software 1
Into the symmetry, added 2018/12/11 1:58 p.m., 136 views

Persistent XSRF on Kubernetes Dashboard using Red Hat Keycloak Gatekeeper on Microsoft Azure

tl;dr I found an XSRF in the OAuth implementation of Red Hat Keycloak Gatekeeper. This would be a bit worse for people using Gatekeeper to protect their Kubernetes Dashboard, especially in Microsoft Azure. The Issue in Keycloak Gatekeeper: Keycloak Gatekeeper is an OpenID Proxy service for Keycloak, ...

AI score 7.2, Exploits 0