Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-24214
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuratio...
Daggerhartlab Openid Connect Generic Client 3.8.1
Daggerhartlab Openid Connect Generic Client 3.8.0
NA
CVE-2013-1812
The ruby-openid gem prior to 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Janrain Ruby-openid 2.2.0
Janrain Ruby-openid
6.7
CVSSv3
CVE-2023-50770
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of tha...
Jenkins Openid
6.1
CVSSv3
CVE-2023-50771
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openid
6.5
CVSSv3
CVE-2019-1003098
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Openid
6.1
CVSSv3
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Jenkins Openid
9.8
CVSSv3
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid
8.8
CVSSv3
CVE-2023-24446
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Openid
6.5
CVSSv3
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Openid
8.8
CVSSv3
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote malicious users to hijack the authentication of arbitrary users via v...
Janrain Php-openid
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »