Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-1812
The ruby-openid gem prior to 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Fedoraproject Fedora 18
Fedoraproject Fedora 17
Janrain Ruby-openid
Janrain Ruby-openid 2.2.0
NA
CVE-2023-50770
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of tha...
Jenkins Openid
NA
CVE-2023-50771
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openid
NA
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid
NA
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Jenkins Openid
NA
CVE-2023-24446
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Openid
4.3
CVSSv2
CVE-2019-1003098
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Openid
4
CVSSv2
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Openid
5
CVSSv2
CVE-2008-0570
The OpenID 5.x-1.0 and previous versions module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
Drupal Openid 5
7.5
CVSSv2
CVE-2021-22851
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
Hgiga Oaklouds Openid
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »