Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oauth vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-30527
Jenkins WSO2 Oauth Plugin 1.0 and previous versions stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Wso2 Oauth
6.5
CVSSv3
CVE-2023-30528
Jenkins WSO2 Oauth Plugin 1.0 and previous versions does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for malicious users to observe and capture it.
Jenkins Wso2 Oauth
6.1
CVSSv3
CVE-2019-10372
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and previous versions in GitLabSecurityRealm.java allows malicious users to redirect users to a URL outside Jenkins after successful login.
Jenkins Gitlab Oauth
9.8
CVSSv3
CVE-2022-34149
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
Miniorange Wp Oauth Server
6.5
CVSSv3
CVE-2019-10436
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and previous versions allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master.
Jenkins Google Oauth Credentials
5.3
CVSSv3
CVE-2022-2133
The OAuth Single Sign On WordPress plugin prior to 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows malicious users to log onto the site with the only knowledge of a user's email address.
Miniorange Oauth Single Sign On
8.8
CVSSv3
CVE-2022-34155
Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a up to and including 6.23.3.
Miniorange Oauth Single Sign On
6.5
CVSSv3
CVE-2023-1092
The OAuth Single Sign On Free WordPress plugin prior to 6.24.2, OAuth Single Sign On Standard WordPress plugin prior to 28.4.9, OAuth Single Sign On Premium WordPress plugin prior to 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin prior to 48.4.9 do not have CSRF chec...
Miniorange Oauth Single Sign On
6.5
CVSSv3
CVE-2023-1093
The OAuth Single Sign On WordPress plugin prior to 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow malicious users to make logged in admins delete all IdP via a CSRF attack
Miniorange Oauth Single Sign On
8.1
CVSSv3
CVE-2018-15758
Spring Security OAuth, versions 2.3 before 2.3.4, and 2.2 before 2.2.3, and 2.1 before 2.1.3, and 2.0 before 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the app...
Pivotal Software Spring Security Oauth
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »