Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-3218
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x prior to 6.3 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified Ope...
Drupal Drupal
Fedoraproject Fedora 8
Fedoraproject Fedora 9
4.3
CVSSv2
CVE-2021-32785
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions before 2.4.9 are configured to use an unencrypted R...
Openidc Mod Auth Openidc
Netapp Cloud Backup -
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-5497
The OpenID Connect reference implementation for MITREid Connect up to and including 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
Mitreid Connect
6.4
CVSSv2
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect up to and including 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the...
Mitreid Connect
1 Github repository
6.8
CVSSv2
CVE-2017-4963
An issue exists in Cloud Foundry Foundation Cloud Foundry release v252 and previous versions versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to auth...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Uaa-release
Pivotal Software Cloud Foundry Cf-release
1 Github repository
7.5
CVSSv2
CVE-2018-1851
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote malicious user to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execu...
Ibm Websphere Application Server
NA
CVE-2024-21637
Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escal...
Goauthentik Authentik
NA
CVE-2023-2182
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 15.10.5, all versions starting from 15.11 prior to 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external...
Gitlab Gitlab 15.11.0
Gitlab Gitlab
NA
CVE-2024-24814
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value make...
2.6
CVSSv2
CVE-2009-5085
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 prior to 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote malicious users to bypas...
Ibm Tivoli Federated Identity Manager 6.2.0
Ibm Tivoli Federated Identity Manager 6.2.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »