3 matches found
Authentication Bypass
@strapi/plugin-users-permissions is vulnerable to Authentication Bypass. The vulnerability is caused due to improper handling of Open Redirects and session tokens being sent as URL query parameters, allowing an unauthenticated attacker to retrieve third-party tokens with one user click...
CVE-2024-34065 @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Strapi is an open-source content management system. By combining two vulnerabilities an Open Redirect and session token sent as URL query parameter in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and...
GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens
GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku an...