Skip to main content

Fosite

4 CVEs product

Monthly

CVE-2020-15234 Go MEDIUM PATCH This Month

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fosite
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-15233 Go MEDIUM PATCH This Month

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fosite
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2020-15223 Go HIGH PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Fosite
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2020-15222 Go HIGH POC PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fosite
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fosite
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fosite
NVD GitHub
EPSS 2% CVSS 8.0
HIGH PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Fosite
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fosite
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy