7 matches found

Github Security Blog
Added 2024/07/08 6:41 p.m.

Directus Allows Single Sign-On User Enumeration

Impact: When relying on SSO providers in combination with local authentication, it can be possible to enumerate existing SSO users in the instance. This is possible because, if an email address exists in Directus and belongs to a known SSO provider, it will throw a "helpful" error that the user...

CVSS 7.5, AI score 6.8, EPSS 0.00506
Exploits: 1, References: 4, Affected software: 1
OSV
Added 2024/03/06 10:51 a.m.

BIT-ARGO-CD-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

CVSS 4.8, AI score 4.7, EPSS 0.00535
Exploits: 0, References: 2
OSV
Added 2021/03/03 10:15 a.m.

CVE-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

CVSS 4.8, AI score 5.9
Exploits: 0, References: 2
Cvelist
Added 2021/03/03 9:55 a.m.

CVE-2021-23347 Cross-site Scripting (XSS)

The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

CVSS 4.7, AI score 5.1, EPSS 0.00535
Exploits: 0, References: 2
ATTACKERKB
Added 2021/03/03 9:52 a.m.

CVE-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 before 1.8.6, is vulnerable to Cross-site Scripting (XSS): the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

CVSS 4.8, AI score 5.4, EPSS 0.00535
Exploits: 0, References: 3
Hacker One
Added 2020/05/22 12:21 p.m.

Courier: SSO Provider Credential Cache (logged out of Google/GitHub, could still log into Courier)

After researching this further, our authentication provider, Amazon's AWS Cognito, caches the access token provided by Google, GitHub, and other SSO providers within their system for up to an hour and does not check against the SSO provider's API again until that cache has expired. We did verify th...

AI score 2.4
Exploits: 0
Hacker One
Added 2020/05/02 12:26 a.m.

Slack: Workspace configuration metadata disclosure

Slack allows users to create a Workspace using the Get Started page, located at https://slack.com/get-started/create. This process uses workspace metadata to direct the user-provided email address to existing Slack accounts. However, if a domain pertaining to an Enterprise customer is submitted...

AI score 1.6
Exploits: 0