OAuth Single Sign On – SSO (OAuth Client) Enterprise < 48.4.9 – IdP Deletion via CSRF
### Description

The plugin does not perform CSRF checks when deleting Identity Providers (IdPs), which could allow attackers to make a logged-in admin delete arbitrary IdPs via a CSRF attack.
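
The control this class of bug lacks, as an added example (not the plugin's code, which this page does not include): a WordPress admin handler for a state-changing delete that verifies both the caller's capability and a nonce bound to the action and the target IdP. The action name, nonce field, option key `example_sso_idps` and page slug are hypothetical.

```php
<?php
// Added example. All "example_*" names are hypothetical, not taken from the plugin.

// Build the delete link with a nonce tied to this action AND this IdP,
// so a token issued for one record cannot be replayed against another.
function example_idp_delete_url( $idp_id ) {
    $url = add_query_arg(
        array(
            'action' => 'example_delete_idp',
            'idp'    => rawurlencode( $idp_id ),
        ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_delete_idp_' . $idp_id, '_example_nonce' );
}

// admin-post.php dispatches authenticated requests to this hook.
add_action( 'admin_post_example_delete_idp', 'example_handle_idp_delete' );

function example_handle_idp_delete() {
    // Authorization: a valid nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    $idp_id = isset( $_GET['idp'] )
        ? sanitize_text_field( wp_unslash( $_GET['idp'] ) )
        : '';

    // CSRF check: terminates the request unless it carries a valid nonce
    // for this exact action and IdP. A forged cross-site request cannot
    // supply one, because the nonce is derived from the admin's session.
    check_admin_referer( 'example_delete_idp_' . $idp_id, '_example_nonce' );

    // Only now perform the state change.
    $idps = get_option( 'example_sso_idps', array() );
    if ( isset( $idps[ $idp_id ] ) ) {
        unset( $idps[ $idp_id ] );
        update_option( 'example_sso_idps', $idps );
    }

    wp_safe_redirect( admin_url( 'admin.php?page=example-sso' ) );
    exit;
}
```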

### PoC

The PoC will be displayed on March 14, 2023, to give users the time to update.
