Security
Headlines
HeadlinesLatestCVEs

Tag

#oauth

CVE-2020-26938: Multiple Security Vulnerabilities in Auth and Token Endpoint · Issue #637 · oauthjs/node-oauth2-server

In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.

CVE
Open in Source
#xss#vulnerability#js#oauth#auth
CVE-2022-36034: nitrado.js/CHANGELOG.md at v0.2.5 · cainthebest/nitrado.js

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.

CVE-2022-2569

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users

CVE-2022-36379: ЮKassa для WooCommerce

Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.

CVE-2022-34149: WP OAuth Server ( Login with WordPress )

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

CVE-2022-34858: OAuth 2.0 client for SSO by miniOrange WordPress plugin Authentication Bypass

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.

CVE-2022-34858: WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability - Patchstack

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.

Red Hat Security Advisory 2022-6051-01

Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.

RHSA-2022:6051: Red Hat Security Advisory: Logging Subsystem 5.5.0 - Red Hat OpenShift security update

An update is now available for RHOL-5.5-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read