Lucene search
Veracode Vulnerability DatabaseVERACODE:27645HistoryOct 22, 2020 - 6:19 a.m.
Authorization Bypass
2020-10-2206:19:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
omniauth-auth0
authorization bypass
jwt token signature
EPSS
0.003
Percentile
69.8%
omniauth-auth0 is vulnerable to authorization bypass. The vulnerability exists through a regression made in code that validates JWT token signatures, where it is possible to bypass authentication and authorization when the default Authorization Code Flow is not used.
Related
osv
osv
Regression in JWT Signature Validation
2020-11-03 02:31:38
CVE-2020-15240
2020-10-21 18:15:12
nvd
nvd
CVE-2020-15240
2020-10-21 18:15:12
rubygems
rubygems
Regression in JWT Signature Validation
2020-11-02 21:00:00
cvelist
cvelist
CVE-2020-15240 Regression in JWT Signature Validation
2020-10-21 17:25:14
ubuntucve
ubuntucve
CVE-2020-15240
2020-10-21 00:00:00
github
github
Regression in JWT Signature Validation
2020-11-03 02:31:38
cve
cve
CVE-2020-15240
2020-10-21 18:15:12
prion
prion
Authorization
2020-10-21 18:15:00
debiancve
debiancve
CVE-2020-15240
2020-10-21 18:15:12