Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
omniauth omniauth vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-16751
An issue exists in Devise Token Auth up to and including 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim&...
Devise Token Auth Project Devise Token Auth
9.8
CVSSv3
CVE-2022-1162
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2 allowing malicious users to potentially take over accounts
Gitlab Gitlab
3 Github repositories
1 Article
5.3
CVSSv3
CVE-2020-13314
A vulnerability exists in GitLab versions prior to 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages.
Gitlab Gitlab
5.9
CVSSv3
CVE-2017-17716
GitLab 9.4.x prior to 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab...
Gitlab Gitlab 9.4.1
Gitlab Gitlab 9.4.0
9.8
CVSSv3
CVE-2018-8971
The Auth0 integration in GitLab prior to 10.3.9, 10.4.x prior to 10.4.6, and 10.5.x prior to 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
Gitlab Gitlab
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-11430
OmniAuth OmnitAuth-SAML 1.9.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to p...
Omnitauth-saml Project Omnitauth-saml
4.3
CVSSv3
CVE-2017-0920
GitLab Community and Enterprise Editions prior to 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an malicious user to see every project name and their respective namespace on a ...
Gitlab Gitlab
9.8
CVSSv3
CVE-2017-11427
OneLogin PythonSAML 2.3.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to poten...
Onelogin Pythonsaml
13 Github repositories
9.8
CVSSv3
CVE-2017-11428
OneLogin Ruby-SAML 1.6.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potent...
Onelogin Ruby-saml
2 Github repositories
9.8
CVSSv3
CVE-2017-11429
Clever saml2-js 2.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially...
Clever Saml2-js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »