Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2020-10706
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into ...
Redhat Openshift Container Platform -
2.1
CVSSv2
CVE-2019-10165
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.
Redhat Openshift Container Platform
7.5
CVSSv2
CVE-2021-42837
An issue exists in Talend Data Catalog prior to 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed...
Talend Data Catalog
NA
CVE-2024-22403
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minut...
Nextcloud Nextcloud Server
NA
CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploi...
Redhat Openshift
1 Github repository
4.3
CVSSv2
CVE-2019-3876
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow fo...
Redhat Openshift Container Platform
4
CVSSv2
CVE-2017-18096
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 prior to 5.3.4 and from 5.4.0 prior to 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SS...
Atlassian Application Links
5
CVSSv2
CVE-2013-4120
Katello has a Denial of Service vulnerability in API OAuth authentication
Theforeman Katello -
5
CVSSv2
CVE-2019-6788
An issue exists in GitLab Community and Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect...
Gitlab Gitlab
2 Github repositories
NA
CVE-2023-34224
In JetBrains TeamCity prior to 2023.05 open redirect during oAuth configuration was possible
Jetbrains Teamcity
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »