5 matches found
Improper Validation Of OAuth State Tokens
github.com/mattermost/mattermost-server is vulnerable to improper validation of OAuth state tokens. The vulnerability is due to insufficient validation during the OpenID Connect OAuth flow, which allows an attacker to manipulate authentication data and take over a user account under specific...
Cross-Site Request Forgery (CSRF)
fastapiusers is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to stateless and predictable OAuth state tokens with no session binding or per-request entropy, which allows an attacker to initiate an OAuth flow, reuse a valid state token, and trick a victim into completing...
CVE-2025-68481
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...
CVE-2025-68481
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...
CVE-2025-68481 FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flo...