Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34224
In JetBrains TeamCity prior to 2023.05 open redirect during oAuth configuration was possible
Jetbrains Teamcity
NA
CVE-2023-2585
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or poss...
Redhat Single Sign-on 7.6
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Z 4.9
Redhat Openshift Container Platform For Ibm Z 4.10
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on -
383
VMScore
CVE-2016-0781
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions before 1.6.20 are vulnerable to an XSS attack by specifying malicious java script ...
Pivotal Software Cloud Foundry Elastic Runtime 1.6.3
Pivotal Software Cloud Foundry Elastic Runtime 1.6.4
Pivotal Software Cloud Foundry Elastic Runtime 1.6.5
Pivotal Software Cloud Foundry Elastic Runtime 1.6.6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.19
Pivotal Software Cloud Foundry Uaa 3.0.0
Pivotal Software Cloud Foundry Uaa 3.0.1
Pivotal Software Cloud Foundry Uaa 3.1.0
Pivotal Software Cloud Foundry 219
Pivotal Software Cloud Foundry 220
Pivotal Software Cloud Foundry 221
Pivotal Software Cloud Foundry 222
Pivotal Software Login-server -
Cloudfoundry Cloud Foundry Uaa Bosh 6
Pivotal Software Cloud Foundry Elastic Runtime 1.6.0
Pivotal Software Cloud Foundry Elastic Runtime 1.6.2
Pivotal Software Cloud Foundry Elastic Runtime 1.6.7
Pivotal Software Cloud Foundry Elastic Runtime 1.6.9
Pivotal Software Cloud Foundry Elastic Runtime 1.6.16
Pivotal Software Cloud Foundry Elastic Runtime 1.6.18
Pivotal Software Cloud Foundry Uaa 3.2.0
Pivotal Software Cloud Foundry 208
445
VMScore
CVE-2020-11691
In JetBrains Hub prior to 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
Jetbrains Hub
383
VMScore
CVE-2020-10187
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an malicious user to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to reque...
Doorkeeper Project Doorkeeper
383
VMScore
CVE-2021-37859
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.
Mattermost Mattermost
NA
CVE-2024-27083
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject...
605
VMScore
CVE-2019-10315
Jenkins GitHub Authentication Plugin 0.31 and previous versions did not use the state parameter of OAuth to prevent CSRF.
Jenkins Github Authentication
NA
CVE-2023-26451
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, othe...
Open-xchange Open-xchange Appsuite Backend
NA
CVE-2024-21495
Versions of the package github.com/greenpau/caddy-security prior to 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable n...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »