openid openid connect vulnerabilities and exploits
NA
CVE-2024-31209
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(...
6.1
CVSSv3
CVE-2016-0283
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 prior to 8.5.5.9 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Ibm Websphere Application Server 8.5.5.7
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.6
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.8
Ibm Websphere Application Server 8.5.5.2
4.3
CVSSv3
CVE-2023-44469
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG prior to 2.17.1 allows authenticated remote malicious users to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.
Lemonldap-ng Lemonldap
8.1
CVSSv3
CVE-2020-15222
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", Open...
Ory Fosite
7.5
CVSSv3
CVE-2021-44878
If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the Open...
Pac4j Pac4j
8.8
CVSSv3
CVE-2018-15121
An issue exists in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Auth0 Aspnet-owin -
Auth0 Aspnet -
9.8
CVSSv3
CVE-2019-15941
OpenID Connect Issuer in LemonLDAP::NG 2.x up to and including 2.0.5 may allow a malicious user to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with we...
Lemonldap-ng Lemonldap
Debian Debian Linux 10.0
NA
CVE-2024-37886
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.
7.5
CVSSv3
CVE-2021-32785
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions before 2.4.9 are configured to use an unencrypted R...
Openidc Mod Auth Openidc
Netapp Cloud Backup -
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2018-1851
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote malicious user to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execu...
Ibm Websphere Application Server