4 matches found
CVE-2020-15223
CVE-2020-15223 affects ORY Fosite (Go) prior to 0.34.0, where TokenRevocationHandler ignores errors from storage. This can cause a revoked token to still appear valid, potentially producing 200 responses even when revocation failed, depending on the ability to trigger storage errors. The issue is...
CVE-2020-15234
CVE-2020-15234 affects ORY Fosite (Go). Before v0.34.1, the OAuth 2.0 Client’s registered redirect URLs and the redirect URL at the Authorization Endpoint were compared using strings.ToLower instead of a strict string match. This may allow an attacker to register a redirect URL like https://examp...
CVE-2020-15233
Summary: CVE-2020-15233 affects ORY Fosite
CVE-2020-15222
ORY Fosite (Go) prior to v0.31.0 did not check jti uniqueness when using private_key_jwt client authentication, enabling possible replay of token requests. OpenID Connect requires a unique jti to prevent reuse; this vulnerability is addressed in v0.31.0. Other connected records (RH, OSV, GHSA, CV...