An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file o ...
Continue ReadingJune 28, 2022
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file o ...
Continue ReadingJune 28, 2022
Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth Single Sign On – SSO (OAuth Client) plugin (versions Read More ...
Continue ReadingJune 27, 2022
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...
Continue ReadingJune 23, 2022
# Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the `redirect` parameter and re ...
Continue ReadingJune 23, 2022
# Description Hi there, there is a stored XSS in Oauth application name. # Proof of Concept 1. Install a local instance of Autolab. 2. Go to `/oauth/applications` and create a new application with na ...
Continue ReadingJune 23, 2022
Team, May you all be well on your side of the screen. :) While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of con ...
Continue ReadingJune 23, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue ReadingJune 23, 2022
Back to Main