openid openid connect vulnerabilities and exploits
CVE-2019-9837 (CVSSv3 6.1) | Openid Openid Connect
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x prior to 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none val...
CVE-2020-26244 (CVSSv3 6.8) | Python Openid Connect Project Python Openid Connect
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but on...
CVE-2022-39387 (CVSSv3 7.5) | Xwiki Openid Connect
XWiki OIDC has various tools to manipulate the OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider's details through request parameters. One can th...
CVE-2023-24424 (CVSSv3 8.8) | Jenkins Openid Connect Authentication
Jenkins OpenId Connect Authentication Plugin 2.4 and previous versions does not invalidate the previous session on login.
CVE-2019-1003021 (CVSSv3 4.3) | Jenkins Openid Connect Authentication
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and previous versions in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. ...
CVE-2022-24794 (CVSSv3 6.1) | Auth0 Express Openid Connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is appli...
CVE-2021-41246 (CVSSv3 8.8) | Auth0 Express Openid Connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session f...
CVE-2022-39338 (CVSSv3 5.4) | Nextcloud Openid Connect User Backend
user_oidc is an OpenID Connect user backend for Nextcloud. Versions before 1.2.1 did not properly validate discovery URLs, which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally...
CVE-2022-39339 (CVSSv3 4.3) | Nextcloud Openid Connect User Backend
user_oidc is an OpenID Connect user backend for Nextcloud. In versions before 1.2.1, sensitive information such as the OIDC client credentials and tokens is sent in plain text over HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compr...
CVE-2023-50771 (CVSSv3 6.1) | Jenkins Openid
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.