3 matches found
Account Hijacking
joelbutcher/socialstream is vulnerable to insufficient confirmation during account linking. The vulnerability is due to the lack of a confirmation step during account linking and the use of -stateless in the Socialite configuration, which bypasses state verification, allowing an attacker to link...
CVE-2024-56329 Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...
GHSA-3Q97-VJPP-C8RP Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
Description When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if -stateless is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure th...