OAuth - API Security Blog

CVE-2022-36087

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An a ...

September 26, 2022

CVSS3 - MEDIUM

CVE-2022-3119

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

September 26, 2022

CVE-2022-32227

A cleartext transmission of sensitive information exists in Rocket.Chat Read More ...

September 23, 2022

CVE-2022-32217

A cleartext storage of sensitive information exists in Rocket.Chat Read More ...

September 23, 2022

New Spam Attack Abusing OAuth Apps to Target Microsoft Exchange Servers

By [Deeba Ahmed]() According to Microsoft 365 Defender Research Team, in an incident they analyzed, malicious OAuth applications were deployed on compromised cloud tenants, and eventually, attackers t ...

September 23, 2022

Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts

[![GitHub Accounts](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi5t4qIuspOly41VkqIGxBNTTYamg7vYPQZcgJnycc1zOt19Qf76eUxC6Cz5C7V53NiakN79somwkn-1KcaDtQwv2ORSJ1G5nHKbVgFwu-ohe6iYch4Z-jIPldY ...

September 23, 2022

CVE-2022-39230

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

September 23, 2022

Hackers Using Malicious OAuth Apps to Take Over Email Servers

[![Malicious OAuth Apps](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiZDZeAfxlbWPq0TpD22d10zO49Z-ZI87DmzK77MsxJfFhb_45ZoO62lHDgdQ6yFkqqEEtmjSyTTr6FKHSRa7sjEJUW6u-lTYTthYYobg69OjLD6nJOVnd ...

September 22, 2022