Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-3221
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x prior to 6.3 allows remote malicious users to perform administrative actions via vectors involving deletion of OpenID identities.
Drupal Drupal
Fedoraproject Fedora 8
Fedoraproject Fedora 9
NA
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Octopus Octopus Server
5
CVSSv2
CVE-2015-6926
The OpenID Single Sign-On authentication functionality in OXID eShop prior to 4.5.0 allows remote malicious users to impersonate users via the email address in a crafted authentication token.
Oxid-esales Eshop
5.8
CVSSv2
CVE-2020-15222
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", Open...
Ory Fosite
5
CVSSv2
CVE-2021-44878
If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the Open...
Pac4j Pac4j
7.5
CVSSv2
CVE-2019-4155
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.
Ibm Api Connect
NA
CVE-2023-32074
user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2
Nextcloud User Oidc
6.8
CVSSv2
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x prior to 6.33 and 7.x prior to 7.31 allows remote malicious users to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.16
Drupal Drupal 6.0
Drupal Drupal 7.4
Drupal Drupal 7.30
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.17
Drupal Drupal 7.16
5
CVSSv2
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 prior to 3.7.1 allows remote malicious users to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
Atlassian Crowd
5
CVSSv2
CVE-2008-7299
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 prior to 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.
Ibm Tivoli Federated Identity Manager 6.2.0
Ibm Tivoli Federated Identity Manager 6.2.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »