Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-1000024
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
Gnome Shotwell
2.3
CVSSv3
CVE-2019-10165
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.
Redhat Openshift Container Platform
9.8
CVSSv3
CVE-2021-42837
An issue exists in Talend Data Catalog prior to 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed...
Talend Data Catalog
3.7
CVSSv3
CVE-2024-22403
Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minut...
Nextcloud Nextcloud Server
6.5
CVSSv3
CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploi...
Redhat Openshift
1 Github repository
6.3
CVSSv3
CVE-2019-3876
A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow fo...
Redhat Openshift Container Platform
7.2
CVSSv3
CVE-2017-18096
The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 prior to 5.3.4 and from 5.4.0 prior to 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SS...
Atlassian Application Links
7.5
CVSSv3
CVE-2013-4120
Katello has a Denial of Service vulnerability in API OAuth authentication
Theforeman Katello -
7.5
CVSSv3
CVE-2019-6788
An issue exists in GitLab Community and Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1. It allows Information Disclosure (issue 3 of 6). For installations using GitHub or Bitbucket OAuth integrations, it is possible to use a covert redirect...
Gitlab Gitlab
2 Github repositories
4.8
CVSSv3
CVE-2023-34224
In JetBrains TeamCity prior to 2023.05 open redirect during oAuth configuration was possible
Jetbrains Teamcity
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »