Signoz
Monthly
Session token theft in SigNoz through 0.133.0 lets unauthenticated attackers hijack any user account on instances configured with Google OAuth, SAML, or OIDC single sign-on. Because the unauthenticated sessions-context endpoint accepts an attacker-controlled 'ref' parameter that is embedded unvalidated into the SSO state/redirect, an attacker crafts a login URL that returns the victim's access and refresh tokens to an attacker-controlled host once the victim completes SSO. Reported by VulnCheck (CWE-601, open redirect), publicly available exploit code exists, though it is not listed in CISA KEV and EPSS was not provided.
Session token theft in SigNoz through 0.133.0 lets unauthenticated attackers hijack any user account on instances configured with Google OAuth, SAML, or OIDC single sign-on. Because the unauthenticated sessions-context endpoint accepts an attacker-controlled 'ref' parameter that is embedded unvalidated into the SSO state/redirect, an attacker crafts a login URL that returns the victim's access and refresh tokens to an attacker-controlled host once the victim completes SSO. Reported by VulnCheck (CWE-601, open redirect), publicly available exploit code exists, though it is not listed in CISA KEV and EPSS was not provided.