Skip to main content

Openid Connect

2 CVEs product

Monthly

CVE-2022-39387 Maven HIGH PATCH This Week

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openid Connect
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-9837 Ruby MEDIUM PATCH This Month

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Openid Connect
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openid Connect
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Openid Connect
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy