Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
Octopus Octopus Server
NA
CVE-2008-3221
Cross-site request forgery (CSRF) vulnerability in Drupal 6.x prior to 6.3 allows remote malicious users to perform administrative actions via vectors involving deletion of OpenID identities.
Drupal Drupal
Fedoraproject Fedora 8
Fedoraproject Fedora 9
7.5
CVSSv3
CVE-2015-6926
The OpenID Single Sign-On authentication functionality in OXID eShop prior to 4.5.0 allows remote malicious users to impersonate users via the email address in a crafted authentication token.
Oxid-esales Eshop
8.1
CVSSv3
CVE-2020-15222
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", Open...
Ory Fosite
7.5
CVSSv3
CVE-2021-44878
If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the Open...
Pac4j Pac4j
9.8
CVSSv3
CVE-2019-4155
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.
Ibm Api Connect
9.8
CVSSv3
CVE-2023-32074
user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2
Nextcloud User Oidc
NA
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x prior to 6.33 and 7.x prior to 7.31 allows remote malicious users to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.16
Drupal Drupal 6.0
Drupal Drupal 7.4
Drupal Drupal 7.30
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.17
Drupal Drupal 7.16
7.5
CVSSv3
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 prior to 3.7.1 allows remote malicious users to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
Atlassian Crowd
NA
CVE-2008-7299
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 prior to 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.
Ibm Tivoli Federated Identity Manager 6.2.0
Ibm Tivoli Federated Identity Manager 6.2.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »