A flaw was found in Envoy. The OAuth filter does not include an implementation for validating access tokens, allowing remote attackers to bypass authentication to Envoy by providing any token value. # ...
June 30, 2022
A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on ...
June 30, 2022
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to ...
June 29, 2022
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file o ...
June 28, 2022
Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth Single Sign On SSO (OAuth Client) plugin (versions ...
June 27, 2022
NextAuth.js (next-auth) is an open-source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...
June 23, 2022