Vulmon
openid openid - vulnerabilities and exploits
NA
CVE-2024-25128
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows a malicious user to forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability co...
4
CVSSv2
CVE-2019-14407
cPanel prior to 78.0.2 reveals internal data to OpenID providers (SEC-415).
Cpanel Cpanel
1 Github repository
7.5
CVSSv2
CVE-2014-1475
The OpenID module in Drupal 6.x prior to 6.30 and 7.x prior to 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.17
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.10
Drupal Drupal 7.12
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
Drupal Drupal 7.24
Drupal Drupal 7.14
Drupal Drupal 7.23
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 6.14
Drupal Drupal 6.24
6.4
CVSSv2
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association ...
Zend Zendopenid
Zend Zend Framework
4
CVSSv2
CVE-2019-14408
cPanel prior to 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).
Cpanel Cpanel
5
CVSSv2
CVE-2021-45325
A Server-Side Request Forgery (SSRF) vulnerability exists in Gitea prior to 1.7.0 using the OpenID URL.
Gitea Gitea
4.9
CVSSv2
CVE-2018-20914
In cPanel prior to 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
Cpanel Cpanel
7.5
CVSSv2
CVE-2014-2685
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote malicious users to bypas...
Zend Zend Framework 1.10.6
Zend Zend Framework 1.10.0
Zend Zend Framework 1.12.0
Zend Zend Framework 1.11.0
Zend Zend Framework 1.10.3
Zend Zend Framework 1.11.4
Zend Zend Framework 1.7.4
Zend Zend Framework 1.7.5
Zend Zend Framework 1.10.5
Zend Zend Framework 1.11.11
Zend Zend Framework 1.10.8
Zend Zend Framework 1.12.2
Zend Zend Framework 1.5.0
Zend Zend Framework 1.9.6
Zend Zend Framework 1.8.3
Zend Zend Framework 1.7.6
Zend Zend Framework 1.8.0
Zend Zend Framework 1.11.5
Zend Zend Framework 1.8.4
Zend Zend Framework 1.7.2
Zend Zend Framework 1.0.0
Zend Zend Framework 1.6.0
5.8
CVSSv2
CVE-2021-20278
An authentication bypass vulnerability was found in Kiali in versions prior to 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used...
Kiali Kiali
5.8
CVSSv2
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openi...
Openidc Mod Auth Openidc
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0