44 matches found
CVE-2023-48228
authentik is an open-source identity provider. When initialising a oauth2 flow with a codechallenge and codemethod thus requesting PKCE, the single sign-on provider authentik must check if there is a matching and existing codeverifier during the token step. Prior to versions 2023.10.4 and 2023.8....
Design/Logic Flaw
authentik is an open-source identity provider. When initialising a oauth2 flow with a codechallenge and codemethod thus requesting PKCE, the single sign-on provider authentik must check if there is a matching and existing codeverifier during the token step. Prior to versions 2023.10.4 and 2023.8....
Tackling the OAuth2 Client component model in Spring Security
In Spring Security 5, we saw many developments in the OAuth2 story with the introduction of OAuth2 Resource Server and OAuth2 Client into the framework. Today, it is quite convenient to develop applications that are secured by OAuth2 using the features available in OAuth2 Resource Server...
Proposed Token Request Exceeds Available Funds Check Missing.
Lines of code Vulnerability details Impact The proposeStandard function in StandardFunding.sol contract does not include a direct check to ensure that the proposed tokens requested are less than or equal to the actual available funds for the distribution period. Instead, it only checks if the...
K61105950: iControl REST logs a plaintext password when the syntax of a cURL request is incorrect
Security Advisory Description The BIG-IP system logs the device password in plaintext. This issue occurs when the following condition is met: There are one or more syntax errors in the POST body of a REST token request. Impact Disclosure of the BIG-IP system's device password can lead to other...
SUSE CVE-2014-3520
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
Information Disclosure
github.com/Azure/aad-pod-identity is vulnerable to information disclosure. The vulnerability exists because server.go does not properly handle invalid token requests, allowing an attacker to bypass the NMI validation and send the token to IMDS in the cluster through the token request made with...
CVE-2022-23551
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
Cross site request forgery (csrf)
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
CVE-2022-23551 AAD Pod Identity obtaining token with backslash
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...
GHSA-4RG6-FM25-GC34 oauth2-server through 3.1.1 vulnerable to Open Redirect
In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern a-zA-Za-zA-Z0-9+.-+: before making a redirection. This allows a malicious client to pass an XSS payload...
CVE-2022-2133
The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address...
Authentication Bypass in hydra
Impact When using client authentication method "privatekeyjwt" 1, OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...
Insecure Session Management
github.com/ory/fosite uses insecure session management. The vulnerability exists as it fails to validate the uniqueness of this jti value in privatekeyjwt client authentication method, allowing an attacker to send the same token request twice with the same jti assertion to get two access tokens...
CVE-2019-16386
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=randomharnessid request to get database schema information while using a low-privilege account. NOTE: The vendor states that this...
Cross-Site Scripting (XSS)
web-console is vulnerable to cross-site scripting. The vulnerability, caused by missing X-Frame-Options and CSRF protections, in the oauth/token/request endpoint could allow a remote attacker to retrieve a token for CLI usage when using non default configs...
web-console: XSS in OAuth server /oauth/token/request endpoint
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction ...
CVE-2019-11553
In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user coul...
Red Hat OpenShift OAuth server cross-site scripting vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat that supports building, testing, deploying, and running applications.OAuth server is one of the OAuth Open Authorization servers. A cross-site scripting vulnerability exists in the /oauth/token/request custom...
PT-2019-16750 · Red Hat · Openshift Oauth Server
Name of the Vulnerable Software and Affected Versions: OpenShift OAuth server affected versions not specified Description: A flaw was found in the "/oauth/token/request" custom endpoint of the OpenShift OAuth server, allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSR...