Skip to main content

Oauth2

2 CVEs product

Monthly

CVE-2023-49104 MEDIUM This Month

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-31999 npm HIGH POC PATCH This Week

All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Oauth2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Oauth2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy