CVE-2023-32312

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

CVE-2023-32312 Client secret not mandatory in UmbracoIdentityExtensions

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

CVE-2023-32312

The CVE-2023-32312 entry concerns UmbracoIdentityExtensions, an Umbraco add-on for ASP.NET Identity integration. Affected versions expose endpoints to untrusted actors because client secrets are not required, enabling unsafe use of the implicit flow in non-SPA/multi-page scenarios. The root cause...

UmbracoIdentityExtensions 信息泄露漏洞

UmbracoIdentityExtensions is an Umbraco add-on package from Umbraco, Denmark. UmbracoIdentityExtensions suffers from an information disclosure vulnerability that stems from the fact that no client key is required, which could expose certain endpoints to untrusted participants...