The plugin doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site knowing only a user's email address.
July 04, 2022
# CVE-2022-24342 JetBrains TeamCity - account takeover via CSRF ...
July 03, 2022
A flaw was found in Envoy. The OAuth filter does not include an implementation for validating access tokens, allowing remote attackers to bypass authentication to Envoy by providing any token value. # ...
June 30, 2022
A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on ...
June 30, 2022
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to ...
June 29, 2022
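The ApiFest entry above describes the classic authorization-endpoint mistake: accepting a redirect_uri that was never registered and sending the authorization code to it. RFC 6749 section 3.1.2.3 requires the server to compare the supplied redirect_uri against the registered value using simple string comparison, and section 3.1.2.4 says a request with an invalid redirect_uri must not be redirected at all. The following is an added example, not ApiFest's code; the client registry, URIs and function names are constructed for illustration. It contrasts a loose prefix check, which an attacker defeats by appending a query string or path segments, with the exact-match check, and shows that the code is only ever attached to a validated redirect.

```python
"""Redirect URI validation for an OAuth 2.0 authorization endpoint.

Constructed example: the client registry and URIs are made up, and
`authorize` simulates the post-consent step of a hypothetical server.
"""
import secrets
from urllib.parse import urlencode, urlsplit

# Hypothetical client registry: client_id -> set of registered redirect URIs.
CLIENTS = {
    "client-abc": {"https://app.example.com/cb"},
}


def redirect_uri_allowed_loose(client_id, redirect_uri):
    """Weak check: anything that merely starts with a registered URI passes.

    "https://app.example.com/cb?next=https://evil.example" and
    "https://app.example.com/cb/../../logout?next=https://evil.example"
    both satisfy this test, so a code can be steered to an attacker through
    any open redirect or path confusion on the client.
    """
    return any(redirect_uri.startswith(r) for r in CLIENTS.get(client_id, ()))


def redirect_uri_allowed(client_id, redirect_uri):
    """RFC 6749 section 3.1.2.3 check: simple string comparison, nothing looser."""
    if redirect_uri not in CLIENTS.get(client_id, set()):
        return False
    parts = urlsplit(redirect_uri)
    # Registered URIs must be absolute and must not carry a fragment (section 3.1.2).
    return parts.scheme in ("https", "http") and bool(parts.netloc) and not parts.fragment


def authorize(client_id, redirect_uri, state, allowed=redirect_uri_allowed):
    """Simulated authorization endpoint after the resource owner has consented.

    Returns ("redirect", url) with a fresh code only when the redirect URI is
    valid. For an invalid redirect URI it returns ("error", reason) and the
    user agent is NOT redirected (section 3.1.2.4), so the code never leaves
    the server towards an unregistered location.
    """
    if not allowed(client_id, redirect_uri):
        return ("error", "invalid redirect_uri")
    code = secrets.token_urlsafe(32)
    sep = "&" if "?" in redirect_uri else "?"
    return ("redirect", redirect_uri + sep + urlencode({"code": code, "state": state}))


if __name__ == "__main__":
    attacker = "https://app.example.com/cb?next=https://evil.example"
    print("loose :", authorize("client-abc", attacker, "s1", allowed=redirect_uri_allowed_loose))
    print("strict:", authorize("client-abc", attacker, "s1"))
    print("valid :", authorize("client-abc", "https://app.example.com/cb", "s1"))
```

The strict version deliberately has no normalization step: canonicalising the attacker-supplied URI before comparing it is where most "almost exact" matchers go wrong. If a client needs several callbacks, register each one verbatim rather than widening the comparison.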
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file o ...
June 28, 2022