Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33005
Jenkins WSO2 Oauth Plugin 1.0 and previous versions does not invalidate the previous session on login.
Jenkins Wso2 Oauth
NA
CVE-2023-33006
A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Wso2 Oauth
4.3
CVSSv2
CVE-2019-1003018
An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and previous versions in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. mali...
Jenkins Github Oauth
4.3
CVSSv2
CVE-2019-1003019
An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and previous versions in GithubSecurityRealm.java that allows unauthorized malicious users to impersonate another user if they can control the pre-authentication session.
Jenkins Github Oauth
NA
CVE-2023-45144
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and ...
Xwiki Oauth Identity
5.8
CVSSv2
CVE-2019-10372
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and previous versions in GitLabSecurityRealm.java allows malicious users to redirect users to a URL outside Jenkins after successful login.
Jenkins Gitlab Oauth
5
CVSSv2
CVE-2019-10371
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and previous versions in GitLabSecurityRealm.java allows unauthorized malicious users to impersonate another user if they can control the pre-authentication session.
Jenkins Gitlab Oauth
NA
CVE-2022-4148
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.
Dash10 Oauth Server
2.1
CVSSv2
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and previous versions stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Bitbucket Oauth
NA
CVE-2022-3894
The WP OAuth Server (OAuth Authentication) WordPress plugin prior to 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow malicious users to make a logged in admin delete arbitrary client ...
Dash10 Oauth Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »