Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1812
The ruby-openid gem prior to 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Fedoraproject Fedora 18
Fedoraproject Fedora 17
Janrain Ruby-openid
Janrain Ruby-openid 2.2.0
9.8
CVSSv3
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid
6.1
CVSSv3
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins.
Jenkins Openid
8.8
CVSSv3
CVE-2023-24446
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Openid
6.5
CVSSv3
CVE-2019-1003099
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Openid
6.7
CVSSv3
CVE-2023-50770
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of tha...
Jenkins Openid
6.1
CVSSv3
CVE-2023-50771
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openid
6.5
CVSSv3
CVE-2019-1003098
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows malicious users to initiate a connection to an attacker-specified server.
Jenkins Openid
NA
CVE-2008-0570
The OpenID 5.x-1.0 and previous versions module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
Drupal Openid 5
7.5
CVSSv3
CVE-2022-39387
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can th...
Xwiki Openid Connect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »