oauth vulnerabilities and exploits
CVE-2024-21495
Score: NA
Versions of the package github.com/greenpau/caddy-security prior to 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable n...

CVE-2017-18111
CVSSv3 score: 8.7
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth a...
Atlassian Application Links

CVE-2023-26451
CVSSv3 score: 7.5
Functions with insufficient randomness were used to generate authorization tokens of the integrated OAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, othe...
Open-xchange Open-xchange Appsuite Backend

CVE-2022-28133
CVSSv3 score: 5.4
Jenkins Bitbucket Server Integration Plugin 3.1.0 and previous versions does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.
Jenkins Bitbucket Server Integration

CVE-2020-13292
CVSSv3 score: 9.6
In GitLab prior to 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
Gitlab Gitlab

CVE-2016-3098
CVSSv3 score: 5.4
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and previous versions allows remote malicious users to hijack the user's OAuth authorization code.
Thoughtbot Administrate

CVE-2022-32217
CVSSv3 score: 5.3
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to OAuth token being leaked in plaintext in Rocket.chat logs.
Rocket.chat Rocket.chat

CVE-2023-27891
CVSSv3 score: 7.5
rami.io pretix prior to 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
Rami Pretix 4.16.0
Rami Pretix 4.17.0
Rami Pretix

CVE-2017-8304
CVSSv3 score: 6.1
An issue exists on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
Accellion File Transfer Appliance

CVE-2021-23927
CVSSv3 score: 6.4
OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
Open-xchange Open-xchange Appsuite