Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
auth0 vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2017-16897
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an malicious user to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML ...
Auth0 Passport-wsfed-saml2
NA
CVE-2022-23505
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions before 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker i...
Auth0 Passport-wsfed-saml2
6.8
CVSSv2
CVE-2020-15259
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine...
Auth0 Ad\\/ldap Connector
6.8
CVSSv2
CVE-2021-41246
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session f...
Auth0 Express Openid Connect
7.5
CVSSv2
CVE-2018-8971
The Auth0 integration in GitLab prior to 10.3.9, 10.4.x prior to 10.4.6, and 10.5.x prior to 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
Gitlab Gitlab
Debian Debian Linux 9.0
4
CVSSv2
CVE-2017-0920
GitLab Community and Enterprise Editions prior to 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an malicious user to see every project name and their respective namespace on a ...
Gitlab Gitlab
NA
CVE-2022-36051
ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain po...
Zitadel Zitadel
NA
CVE-2023-22492
ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked o...
Zitadel Zitadel
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4