auth0 vulnerabilities and exploits
231
VMScore
CVE-2022-29172
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/a...
Auth0 Lock
NA
CVE-2022-23541
jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect veri...
Auth0 Jsonwebtoken
383
VMScore
CVE-2019-20174
Auth0 Lock prior to 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
Auth0 Lock
312
VMScore
CVE-2020-15119
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
Auth0 Lock
383
VMScore
CVE-2021-32641
auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is inco...
Auth0 Lock
670
VMScore
CVE-2015-9235
In the jsonwebtoken node module prior to 4.2.2, it is possible for a malicious user to bypass verification when a token digitally signed with an asymmetric key (RS/ES family of algorithms) is expected but the attacker instead sends a token digitally signed with a symmetric algorithm (HS* family).
Auth0 Jsonwebtoken
7 Github repositories
668
VMScore
CVE-2019-13483
Auth0 Passport-SharePoint prior to 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows malicious users to forge tokens and bypass authentication and authorization mechanisms.
Auth0 Passport-sharepoint
383
VMScore
CVE-2018-11537
Auth0 angular-jwt prior to 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
Auth0 Angular-jwt
383
VMScore
CVE-2020-15084
In express-jwt (NPM package) up to and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affe...
Auth0 Express-jwt
NA
CVE-2022-23505
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions before 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker i...
Auth0 Passport-wsfed-saml2