Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid - vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-22852
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.
Hgiga Oaklouds Openid
NA
CVE-2013-4701
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and previous versions allows remote malicious users to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in...
Janrain Php-openid
8.8
CVSSv3
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote malicious users to hijack the authentication of arbitrary users via v...
Janrain Php-openid
7.5
CVSSv3
CVE-2022-39387
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can th...
Xwiki Openid Connect
6.1
CVSSv3
CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is appli...
Auth0 Express Openid Connect
NA
CVE-2011-3707
JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Auth/Yadis/Yadis.php and certain other files.
Janrain Php-openid 2.2.2
8.8
CVSSv3
CVE-2021-41246
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session f...
Auth0 Express Openid Connect
6.1
CVSSv3
CVE-2010-10002
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState le...
Simplesamlphp Simplesamlphp-module-openid
8.8
CVSSv3
CVE-2023-24424
Jenkins OpenId Connect Authentication Plugin 2.4 and previous versions does not invalidate the previous session on login.
Jenkins Openid Connect Authentication
4.3
CVSSv3
CVE-2019-1003021
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and previous versions in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. ...
Jenkins Openid Connect Authentication
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »