Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
auth0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-16929
Auth0 auth0.net prior to 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
Auth0 Auth0.net
5.8
CVSSv2
CVE-2020-15240
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an malicious user to bypass authentication and authorization. You are a...
Auth0 Omniauth-auth0
5.8
CVSSv2
CVE-2021-43812
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions prior to 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to up...
Auth0 Nextjs-auth0
5
CVSSv2
CVE-2017-17068
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an malicious user to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses ...
Auth0 Auth0.js
4
CVSSv2
CVE-2020-5263
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the use...
Auth0 Auth0.js
6.8
CVSSv2
CVE-2020-5391
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin prior to 4.0.0 for WordPress via the domain field.
Auth0 Wp-auth0
4.3
CVSSv2
CVE-2020-5392
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin prior to 4.0.0 for WordPress via the settings page.
Auth0 Wp-auth0
4.3
CVSSv2
CVE-2021-32702
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then ...
Auth0 Nextjs-auth0
7.5
CVSSv2
CVE-2018-6873
The Auth0 authentication service prior to 2017-10-15 allows privilege escalation because the JWT audience is not validated.
Auth0 Auth0.js
6.8
CVSSv2
CVE-2018-6874
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
Auth0 Auth0.js
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »