Filtered by vendor Auth0
Subscribe
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6753 | 1 Auth0 | 1 Login By Auth0 | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. | |||||
| CVE-2020-5392 | 1 Auth0 | 1 Wp-auth0 | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. | |||||
| CVE-2020-5391 | 1 Auth0 | 1 Wp-auth0 | 2020-04-01 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. | |||||
| CVE-2019-20173 | 1 Auth0 | 1 Login By Auth0 | 2020-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. | |||||
| CVE-2019-20174 | 1 Auth0 | 1 Lock | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. | |||||
| CVE-2019-16929 | 1 Auth0 | 1 Auth0.net | 2019-10-17 | 5.0 MEDIUM | 7.5 HIGH |
| Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens. | |||||
| CVE-2015-9235 | 1 Auth0 | 1 Jsonwebtoken | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | |||||
| CVE-2017-16897 | 1 Auth0 | 1 Passport-wsfed-saml2 | 2019-10-02 | 9.3 HIGH | 8.1 HIGH |
| A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response). | |||||
| CVE-2018-6873 | 1 Auth0 | 1 Auth0.js | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. | |||||
| CVE-2019-13483 | 1 Auth0 | 1 Passport-sharepoint | 2019-07-31 | 7.5 HIGH | 7.3 HIGH |
| Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms. | |||||
| CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2018-11-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | |||||
| CVE-2018-11537 | 1 Auth0 | 1 Angular-jwt | 2018-08-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | |||||
| CVE-2018-6874 | 1 Auth0 | 1 Auth0.js | 2018-05-15 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | |||||
| CVE-2018-7307 | 1 Auth0 | 1 Auth0.js | 2018-03-28 | 6.8 MEDIUM | 8.8 HIGH |
| The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. | |||||