Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture...Read More ...
Continue Reading
May 23, 2025
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery (CSRF) attacks where a resour ...
Continue Reading
May 23, 2025
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's...Read More ...
Continue Reading
May 23, 2025
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's...Read More ...
Continue Reading
May 23, 2025
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture...Read More ...
Continue Reading
May 23, 2025
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's...Read More ...
Continue Reading
May 23, 2025
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jen ...
Continue Reading
May 23, 2025
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user& ...
Continue Reading
May 23, 2025
Back to Main
