Lucene search
Veracode Vulnerability DatabaseVERACODE:3331HistoryJan 26, 2017 - 1:44 a.m.
Cross-Site Request Forgery (CSRF) Via Leakage Of Authenticity Token
2017-01-2601:44:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.002
Percentile
55.8%
omniauth is susceptible to cross-site request forgery attacks. The attacks are possible because it stores POST parameters in addition to GET parameters in callback phase, thereby exposing authenticity_tokens from the POST parameters and leading to bypass of cross-site request forgery protection.
Related
osv
osv
CVE-2017-18076
2018-01-26 19:29:00
ruby-omniauth - security update
2018-02-09 00:00:00
Omniauth allows POST parameters to be stored in session
2018-01-29 15:45:28
cve
cve
CVE-2017-18076
2018-01-26 19:29:00
nessus
nessus
Debian DSA-4109-1 : ruby-omniauth - security update
2018-02-12 00:00:00
debian
debian
[SECURITY] [DSA 4109-1] ruby-omniauth security update
2018-02-10 02:35:38
[SECURITY] [DSA 4109-1] ruby-omniauth security update
2018-02-10 02:35:38
debiancve
debiancve
CVE-2017-18076
2018-01-26 19:29:00
ubuntucve
ubuntucve
CVE-2017-18076
2018-01-26 00:00:00
prion
prion
Session fixation
2018-01-26 19:29:00
openvas
openvas
Debian: Security Advisory (DSA-4109-1)
2018-02-08 00:00:00
cvelist
cvelist
CVE-2017-18076
2018-01-26 19:00:00
github
github
Omniauth allows POST parameters to be stored in session
2018-01-29 15:45:28
nvd
nvd
CVE-2017-18076
2018-01-26 19:29:00
rubygems
rubygems
omniauth leaks authenticity token in callback params
2017-01-10 21:00:00