oauth vulnerabilities and exploits
NA
CVE-2023-24428
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Bitbucket Oauth
NA
CVE-2022-3632
The OAuth Client by DigitialPixies WordPress plugin up to and including 1.1.0 does not have CSRF checks in some places, which could allow malicious users to make logged-in users perform unwanted actions.
Digitialpixies Oauth Client
187
VMScore
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and previous versions stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Bitbucket Oauth
NA
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
Miniorange Wp Oauth Server
356
VMScore
CVE-2019-10436
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and previous versions allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.
Jenkins Google Oauth Credentials
NA
CVE-2022-34155
Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass. This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a up to and including 6.23.3.
Miniorange Oauth Single Sign On
605
VMScore
CVE-2018-15758
Spring Security OAuth, versions 2.3 before 2.3.4, and 2.2 before 2.2.3, and 2.1 before 2.1.3, and 2.0 before 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the app...
Pivotal Software Spring Security Oauth
516
VMScore
CVE-2020-26877
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whet...
Apifest Oauth 2.0 Server 0.3.1
NA
CVE-2023-1092
The OAuth Single Sign On Free WordPress plugin prior to 6.24.2, OAuth Single Sign On Standard WordPress plugin prior to 28.4.9, OAuth Single Sign On Premium WordPress plugin prior to 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin prior to 48.4.9 do not have CSRF chec...
Miniorange Oauth Single Sign On
NA
CVE-2023-1093
The OAuth Single Sign On WordPress plugin prior to 6.24.2 does not have CSRF checks when discarding Identity providers (IdP), which could allow malicious users to make logged-in admins delete all IdP via a CSRF attack.
Miniorange Oauth Single Sign On