Connect Security Vulnerabilities and Issues — Connect CVE List

Lucene search

MitreidConnect

3 matches found

CVE•added 2020/01/04 3:15 a.m.•191 views

CVE-2020-5497

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.

6.1CVSS6.2AI score0.00571EPSS

CVE•added 2021/02/23 6:15 p.m.•61 views

CVE-2021-27582

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in w...

9.1CVSS9.1AI score0.00616EPSS

CVE•added 2021/03/25 9:15 a.m.•60 views

CVE-2021-26715

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP requ...

9.1CVSS9.2AI score0.00552EPSS