Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the m ...
Continue ReadingMay 22, 2025
oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error ...
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations usi ...
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file o ...
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reb ...
oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states ...
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a ...
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in Access tokens not being revoked for public OAuth ...