Published: 09/07/2020 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Subscribe to Oauth Client Library For Java

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client prior to 1.31.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google oauth client library for java

Debian Bug report logs - #988944 CVE-2020-7692 Package: src:google-oauth-client-java; Maintainer for src:google-oauth-client-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 21 May 2021 19:39:01 UTC Severity: grave Tags: securi ...

Synopsis Critical: OpenShift Container Platform 41051 security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41051 is now available with updates to packages and ima ...

Synopsis Critical: OpenShift Container Platform 4956 security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 4956 is now available with updates to packages and image ...

Synopsis Moderate: OpenShift Container Platform 4956 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4956 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platf ...

Synopsis Important: Jenkins and Jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...

Synopsis Important: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...

CWE-863 https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824 https://github.com/googleapis/google-oauth-java-client/issues/469 https://tools.ietf.org/html/rfc8252%23section-8.1 https://tools.ietf.org/html/rfc7636%23section-1 https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276 https://lists.apache.org/thread.html/r3db6ac73e0558d64f0b664f2fa4ef0a865e57c5de20f8321d3b48678%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/reae8909b264d1103f321b9ce1623c10c1ddc77dba9790247f2c0c90f%40%3Ccommits.druid.apache.org%3E https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944 https://nvd.nist.gov

CVE-2020-7692

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect