Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted...Read More ...
Continue Reading
February 06, 2024
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time ...
Continue Reading
February 05, 2024
I'd hate to be labeled a "car guy" now mentioning my new electric car in the lede of two newsletters in a row, but I couldn't resist. I'd been reading headlines for ye ...
Continue Reading
February 01, 2024
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth re ...
Continue Reading
February 01, 2024
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth re ...
Continue Reading
February 01, 2024
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an ac ...
Continue Reading
February 01, 2024
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an ac ...
Continue Reading
February 01, 2024
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param i ...
Continue Reading
February 01, 2024
Back to Main
