Search criteria
45 vulnerabilities by auth0
CVE-2025-67716 (GCVE-0-2025-67716)
Vulnerability from cvelistv5 – Published: 2025-12-11 00:21 – Updated: 2025-12-11 16:09
VLAI?
Summary
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0.
Severity ?
5.7 (Medium)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | nextjs-auth0 |
Affected:
>= 4.9.0, < 4.13.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T16:09:01.167357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T16:09:34.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nextjs-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.9.0, \u003c 4.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T00:21:27.687Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-mr6f-h57v-rpj5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-mr6f-h57v-rpj5"
},
{
"name": "https://github.com/auth0/nextjs-auth0/commit/35eb321de3345ccf23e8c0d6f66c9f2f2f57d26c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/nextjs-auth0/commit/35eb321de3345ccf23e8c0d6f66c9f2f2f57d26c"
}
],
"source": {
"advisory": "GHSA-mr6f-h57v-rpj5",
"discovery": "UNKNOWN"
},
"title": "Auth0 Next.js SDK has Improper Validation of Query Parameters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67716",
"datePublished": "2025-12-11T00:21:27.687Z",
"dateReserved": "2025-12-10T17:47:36.418Z",
"dateUpdated": "2025-12-11T16:09:34.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67490 (GCVE-0-2025-67490)
Vulnerability from cvelistv5 – Published: 2025-12-10 22:16 – Updated: 2025-12-11 15:38
VLAI?
Summary
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Severity ?
5.4 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | nextjs-auth0 |
Affected:
>= 4.12.0, < 4.12.1
Affected: >= 4.11.0, < 4.11.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:38:23.260812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:38:34.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nextjs-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.12.0, \u003c 4.12.1"
},
{
"status": "affected",
"version": "\u003e= 4.11.0, \u003c 4.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T22:16:08.262Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-wcgj-f865-c7j7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-wcgj-f865-c7j7"
},
{
"name": "https://github.com/auth0/nextjs-auth0/commit/26cc8a7c60f4b134700912736f991a25bd6bbf0b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/nextjs-auth0/commit/26cc8a7c60f4b134700912736f991a25bd6bbf0b"
}
],
"source": {
"advisory": "GHSA-wcgj-f865-c7j7",
"discovery": "UNKNOWN"
},
"title": "Auth0 Next.js SDK has Improper Request Caching Lookup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67490",
"datePublished": "2025-12-10T22:16:08.262Z",
"dateReserved": "2025-12-08T18:49:47.486Z",
"dateUpdated": "2025-12-11T15:38:34.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65945 (GCVE-0-2025-65945)
Vulnerability from cvelistv5 – Published: 2025-12-04 18:45 – Updated: 2025-12-05 18:31
VLAI?
Summary
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.
Severity ?
7.5 (High)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T18:31:41.971989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T18:31:52.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "node-jws",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.3"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c= 4.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T18:45:37.517Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
},
{
"name": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
}
],
"source": {
"advisory": "GHSA-869p-cjfg-cm3x",
"discovery": "UNKNOWN"
},
"title": "auth0/node-jws improper HMAC signature verification vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65945",
"datePublished": "2025-12-04T18:45:37.517Z",
"dateReserved": "2025-11-18T16:14:56.691Z",
"dateUpdated": "2025-12-05T18:31:52.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58769 (GCVE-0-2025-58769)
Vulnerability from cvelistv5 – Published: 2025-10-01 19:57 – Updated: 2025-10-01 20:09
VLAI?
Summary
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. The vulnerability affects any application that either directly uses the Auth0-PHP SDK (versions 3.3.0–8.16.0) or indirectly relies on those versions through the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs. This issue is fixed in version 8.17.0.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | laravel-auth0 |
Affected:
>= 3.3.0, < 8.17.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:09:35.613703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:09:45.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "laravel-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 8.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. The vulnerability affects any application that either directly uses the Auth0-PHP SDK (versions 3.3.0\u20138.16.0) or indirectly relies on those versions through the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs. This issue is fixed in version 8.17.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:57:05.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-hjfh-5jmm-xr24",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-hjfh-5jmm-xr24"
},
{
"name": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-9mh6-g99m-ppcw",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-9mh6-g99m-ppcw"
},
{
"name": "https://github.com/auth0/symfony/security/advisories/GHSA-7jp2-5h22-m432",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/symfony/security/advisories/GHSA-7jp2-5h22-m432"
},
{
"name": "https://github.com/auth0/wordpress/security/advisories/GHSA-w22c-pw5m-482x",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/wordpress/security/advisories/GHSA-w22c-pw5m-482x"
},
{
"name": "https://github.com/auth0/auth0-PHP/commit/9026da58f5c381cd4cb5932de829eff6eacbb65c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/auth0-PHP/commit/9026da58f5c381cd4cb5932de829eff6eacbb65c"
},
{
"name": "https://github.com/auth0/auth0-PHP/releases/tag/8.17.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/auth0-PHP/releases/tag/8.17.0"
}
],
"source": {
"advisory": "GHSA-hjfh-5jmm-xr24",
"discovery": "UNKNOWN"
},
"title": "auth0-PHP: Improper File Type Handling in Bulk User Import"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58769",
"datePublished": "2025-10-01T19:57:05.692Z",
"dateReserved": "2025-09-04T19:18:09.501Z",
"dateUpdated": "2025-10-01T20:09:45.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48947 (GCVE-0-2025-48947)
Vulnerability from cvelistv5 – Published: 2025-06-04 20:14 – Updated: 2025-06-04 20:50
VLAI?
Summary
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch.
Severity ?
CWE
- CWE-525 - Use of Web Browser Cache Containing Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | nextjs-auth0 |
Affected:
>= 4.0.1, < 4.6.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T20:49:52.962448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:50:02.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nextjs-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.1, \u003c 4.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-525",
"description": "CWE-525: Use of Web Browser Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:14:44.369Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-f3fg-mf2q-fj3f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-f3fg-mf2q-fj3f"
}
],
"source": {
"advisory": "GHSA-f3fg-mf2q-fj3f",
"discovery": "UNKNOWN"
},
"title": "NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48947",
"datePublished": "2025-06-04T20:14:44.369Z",
"dateReserved": "2025-05-28T18:49:07.583Z",
"dateUpdated": "2025-06-04T20:50:02.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48951 (GCVE-0-2025-48951)
Vulnerability from cvelistv5 – Published: 2025-06-03 20:52 – Updated: 2025-06-04 20:32
VLAI?
Summary
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKsrely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.3.1 contains a patch for the issue.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:33:17.352742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:33:26.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "auth0-PHP",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0-BETA3, \u003c 8.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKsrely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.3.1 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:32:18.609Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-v9m8-9xxp-q492",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-v9m8-9xxp-q492"
},
{
"name": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-c42h-56wx-h85q",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-c42h-56wx-h85q"
},
{
"name": "https://github.com/auth0/symfony/security/advisories/GHSA-98j6-67v3-mw34",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/symfony/security/advisories/GHSA-98j6-67v3-mw34"
},
{
"name": "https://github.com/auth0/wordpress/security/advisories/GHSA-862m-5253-832r",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/wordpress/security/advisories/GHSA-862m-5253-832r"
},
{
"name": "https://github.com/auth0/auth0-PHP/commit/04b1f5daa8bdfebc5e740ec5ca0fb2df1648a715",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/auth0-PHP/commit/04b1f5daa8bdfebc5e740ec5ca0fb2df1648a715"
}
],
"source": {
"advisory": "GHSA-v9m8-9xxp-q492",
"discovery": "UNKNOWN"
},
"title": "Auth0-PHP SDK Deserialization of Untrusted Data vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48951",
"datePublished": "2025-06-03T20:52:35.064Z",
"dateReserved": "2025-05-28T18:49:07.585Z",
"dateUpdated": "2025-06-04T20:32:18.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47275 (GCVE-0-2025-47275)
Vulnerability from cvelistv5 – Published: 2025-05-15 21:13 – Updated: 2025-05-22 20:03
VLAI?
Summary
Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Certain pre-conditions are required to be vulnerable to this issue: Applications using the Auth0-PHP SDK, or the Auth0/symfony, Auth0/laravel-auth0, and Auth0/wordpress SDKs that rely on the Auth0-PHP SDK; and session storage configured with CookieStore. Upgrade Auth0/Auth0-PHP to v8.14.0 to receive a patch. As an additional precautionary measure, rotating cookie encryption keys is recommended. Note that once updated, any previous session cookies will be rejected.
Severity ?
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T13:37:38.336273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T13:37:44.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "auth0-PHP",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0-BETA1, \u003c 8.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Certain pre-conditions are required to be vulnerable to this issue: Applications using the Auth0-PHP SDK, or the Auth0/symfony, Auth0/laravel-auth0, and Auth0/wordpress SDKs that rely on the Auth0-PHP SDK; and session storage configured with CookieStore. Upgrade Auth0/Auth0-PHP to v8.14.0 to receive a patch. As an additional precautionary measure, rotating cookie encryption keys is recommended. Note that once updated, any previous session cookies will be rejected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T20:03:34.201Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-g98g-r7gf-2r25",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/auth0-PHP/security/advisories/GHSA-g98g-r7gf-2r25"
},
{
"name": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-9fwj-9mjf-rhj3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-9fwj-9mjf-rhj3"
},
{
"name": "https://github.com/auth0/symfony/security/advisories/GHSA-9wg9-93h9-j8ch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/symfony/security/advisories/GHSA-9wg9-93h9-j8ch"
},
{
"name": "https://github.com/auth0/wordpress/security/advisories/GHSA-2f4r-34m4-3w8q",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/wordpress/security/advisories/GHSA-2f4r-34m4-3w8q"
},
{
"name": "https://github.com/auth0/auth0-PHP/commit/52a79480fdb246f59dbc089b81a784ae049bd389",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/auth0-PHP/commit/52a79480fdb246f59dbc089b81a784ae049bd389"
},
{
"name": "https://github.com/auth0/auth0-PHP/releases/tag/8.14.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/auth0-PHP/releases/tag/8.14.0"
}
],
"source": {
"advisory": "GHSA-g98g-r7gf-2r25",
"discovery": "UNKNOWN"
},
"title": "Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47275",
"datePublished": "2025-05-15T21:13:01.150Z",
"dateReserved": "2025-05-05T16:53:10.372Z",
"dateUpdated": "2025-05-22T20:03:34.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46573 (GCVE-0-2025-46573)
Vulnerability from cvelistv5 – Published: 2025-05-06 20:22 – Updated: 2025-05-07 15:34
VLAI?
Summary
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | passport-wsfed-saml2 |
Affected:
>= 3.0.5, < 4.6.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T13:46:09.234259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:04:03.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "passport-wsfed-saml2",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.5, \u003c 4.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T15:34:04.601Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-8gqj-226h-gm8r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-8gqj-226h-gm8r"
},
{
"name": "https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181"
}
],
"source": {
"advisory": "GHSA-8gqj-226h-gm8r",
"discovery": "UNKNOWN"
},
"title": "passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46573",
"datePublished": "2025-05-06T20:22:00.104Z",
"dateReserved": "2025-04-24T21:10:48.175Z",
"dateUpdated": "2025-05-07T15:34:04.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46572 (GCVE-0-2025-46572)
Vulnerability from cvelistv5 – Published: 2025-05-06 20:18 – Updated: 2025-05-13 19:17
VLAI?
Summary
passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | passport-wsfed-saml2 |
Affected:
>= 3.0.5, < 4.6.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T20:42:56.384918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T19:17:06.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "passport-wsfed-saml2",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.5, \u003c 4.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T16:19:19.618Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-wjmp-wphq-jvqf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-wjmp-wphq-jvqf"
},
{
"name": "https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181"
}
],
"source": {
"advisory": "GHSA-wjmp-wphq-jvqf",
"discovery": "UNKNOWN"
},
"title": "passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46572",
"datePublished": "2025-05-06T20:18:26.379Z",
"dateReserved": "2025-04-24T21:10:48.175Z",
"dateUpdated": "2025-05-13T19:17:06.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46344 (GCVE-0-2025-46344)
Vulnerability from cvelistv5 – Published: 2025-04-29 20:43 – Updated: 2025-04-30 13:17
VLAI?
Summary
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1.
Severity ?
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | nextjs-auth0 |
Affected:
>= 4.0.1, < 4.5.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T13:17:34.099127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T13:17:43.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nextjs-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.1, \u003c 4.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:43:41.538Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-pjr6-jx7r-j4r6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-pjr6-jx7r-j4r6"
},
{
"name": "https://github.com/auth0/nextjs-auth0/commit/a4f061aed02ffa132feca8adfbd11704df17e1c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/nextjs-auth0/commit/a4f061aed02ffa132feca8adfbd11704df17e1c3"
},
{
"name": "https://github.com/auth0/nextjs-auth0/releases/tag/v4.5.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/nextjs-auth0/releases/tag/v4.5.1"
}
],
"source": {
"advisory": "GHSA-pjr6-jx7r-j4r6",
"discovery": "UNKNOWN"
},
"title": "Auth0 NextJS SDK v4 Missing Session Invalidation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46344",
"datePublished": "2025-04-29T20:43:41.538Z",
"dateReserved": "2025-04-22T22:41:54.912Z",
"dateUpdated": "2025-04-30T13:17:43.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6813 (GCVE-0-2023-6813)
Vulnerability from cvelistv5 – Published: 2024-07-10 07:36 – Updated: 2024-08-02 08:42
VLAI?
Summary
The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity ?
6.1 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | Login by Auth0 |
Affected:
* , ≤ 4.6.0
(semver)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T13:07:29.400354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T13:07:51.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c4e0d48-fde1-45dd-8e06-4582cf677579?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3114611%40auth0\u0026new=3114611%40auth0\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Login by Auth0",
"vendor": "auth0",
"versions": [
{
"lessThanOrEqual": "4.6.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018wle\u2019 parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T07:36:43.632Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c4e0d48-fde1-45dd-8e06-4582cf677579?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3114611%40auth0\u0026new=3114611%40auth0\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-09T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Login by Auth0 \u003c= 4.6.0 - Reflected Cross-Site Scripting via wle"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6813",
"datePublished": "2024-07-10T07:36:43.632Z",
"dateReserved": "2023-12-13T22:11:35.891Z",
"dateUpdated": "2024-08-02T08:42:07.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23539 (GCVE-0-2022-23539)
Vulnerability from cvelistv5 – Published: 2022-12-22 23:20 – Updated: 2025-04-15 13:31
VLAI?
Summary
Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | node-jsonwebtoken |
Affected:
<= 8.5.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T13:31:06.210734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:31:34.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "node-jsonwebtoken",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c= 8.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions `\u003c=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you\u2019ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:19.474Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"source": {
"advisory": "GHSA-8cf7-32gw-wr33",
"discovery": "UNKNOWN"
},
"title": "jsonwebtoken unrestricted key type could lead to legacy keys usage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23539",
"datePublished": "2022-12-22T23:20:47.855Z",
"dateReserved": "2022-01-19T21:23:53.795Z",
"dateUpdated": "2025-04-15T13:31:34.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23540 (GCVE-0-2022-23540)
Vulnerability from cvelistv5 – Published: 2022-12-22 18:02 – Updated: 2025-02-13 16:32
VLAI?
Summary
In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.
Severity ?
6.4 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | node-jsonwebtoken |
Affected:
<= 8.5.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T16:23:30.289495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T16:23:36.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-jsonwebtoken",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c= 8.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In versions `\u003c=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don\u2019t need to allow for the `none` algorithm. If you need \u0027none\u0027 algorithm, you have to explicitly specify that in `jwt.verify()` options."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:37.272Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"source": {
"advisory": "GHSA-qwph-4952-7xr6",
"discovery": "UNKNOWN"
},
"title": "jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23540",
"datePublished": "2022-12-22T18:02:24.770Z",
"dateReserved": "2022-01-19T21:23:53.795Z",
"dateUpdated": "2025-02-13T16:32:21.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23541 (GCVE-0-2022-23541)
Vulnerability from cvelistv5 – Published: 2022-12-22 17:52 – Updated: 2025-02-13 16:32
VLAI?
Summary
jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.
Severity ?
5 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | node-jsonwebtoken |
Affected:
<= 8.5.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:50:35.348040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:50:42.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-jsonwebtoken",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c= 8.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jsonwebtoken is an implementation of JSON Web Tokens. Versions `\u003c= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1259",
"description": "CWE-1259: Improper Restriction of Security Token Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:39.389Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3"
},
{
"name": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-jsonwebtoken/releases/tag/v9.0.0"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
}
],
"source": {
"advisory": "GHSA-hjrf-2m68-5959",
"discovery": "UNKNOWN"
},
"title": "jsonwebtoken\u0027s insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23541",
"datePublished": "2022-12-22T17:52:22.173Z",
"dateReserved": "2022-01-19T21:23:53.796Z",
"dateUpdated": "2025-02-13T16:32:22.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23505 (GCVE-0-2022-23505)
Vulnerability from cvelistv5 – Published: 2022-12-13 07:04 – Updated: 2025-04-23 16:28
VLAI?
Summary
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround.
Severity ?
5.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | passport-wsfed-saml2 |
Affected:
< 4.6.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:47:12.786040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:28:35.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "passport-wsfed-saml2",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T07:04:23.487Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-ppjq-qxhx-m25f"
}
],
"source": {
"advisory": "GHSA-ppjq-qxhx-m25f",
"discovery": "UNKNOWN"
},
"title": "Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23505",
"datePublished": "2022-12-13T07:04:23.487Z",
"dateReserved": "2022-01-19T21:23:53.773Z",
"dateUpdated": "2025-04-23T16:28:35.321Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29172 (GCVE-0-2022-29172)
Vulnerability from cvelistv5 – Published: 2022-05-05 22:50 – Updated: 2025-04-23 18:30
VLAI?
Summary
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient's name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fields” feature in your application. Upgrade to version `11.33.0`.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:53.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/lock/security/advisories/GHSA-7ww6-75fj-jcj7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/lock/commit/79ae557d331274b114848150f19832ae341771b1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:07:48.610285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:30:53.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lock",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 11.33.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the \u201cadditional signup fields\u201d feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient\u0027s name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the \u201cadditional signup fields\u201d feature in your application. Upgrade to version `11.33.0`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T22:50:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/lock/security/advisories/GHSA-7ww6-75fj-jcj7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/lock/commit/79ae557d331274b114848150f19832ae341771b1"
}
],
"source": {
"advisory": "GHSA-7ww6-75fj-jcj7",
"discovery": "UNKNOWN"
},
"title": "HTML injection with additional signup fields",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29172",
"STATE": "PUBLIC",
"TITLE": "HTML injection with additional signup fields"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lock",
"version": {
"version_data": [
{
"version_value": "\u003c 11.33.0"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the \u201cadditional signup fields\u201d feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient\u0027s name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the \u201cadditional signup fields\u201d feature in your application. Upgrade to version `11.33.0`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/lock/security/advisories/GHSA-7ww6-75fj-jcj7",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/lock/security/advisories/GHSA-7ww6-75fj-jcj7"
},
{
"name": "https://github.com/auth0/lock/commit/79ae557d331274b114848150f19832ae341771b1",
"refsource": "MISC",
"url": "https://github.com/auth0/lock/commit/79ae557d331274b114848150f19832ae341771b1"
}
]
},
"source": {
"advisory": "GHSA-7ww6-75fj-jcj7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29172",
"datePublished": "2022-05-05T22:50:09.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:30:53.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24794 (GCVE-0-2022-24794)
Vulnerability from cvelistv5 – Published: 2022-03-31 22:45 – Updated: 2025-04-23 18:42
VLAI?
Summary
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds.
Severity ?
7.5 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | express-openid-connect |
Affected:
< 2.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7p99-3798-f85c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/express-openid-connect/commit/0947b92164a2c5f661ebcc183d37e7f21de719ad"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:08:21.338002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:42:41.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "express-openid-connect",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 2.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T22:45:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7p99-3798-f85c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/express-openid-connect/commit/0947b92164a2c5f661ebcc183d37e7f21de719ad"
}
],
"source": {
"advisory": "GHSA-7p99-3798-f85c",
"discovery": "UNKNOWN"
},
"title": "Open Redirect in express-openid-connect",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24794",
"STATE": "PUBLIC",
"TITLE": "Open Redirect in express-openid-connect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "express-openid-connect",
"version": {
"version_data": [
{
"version_value": "\u003c 2.7.2"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7p99-3798-f85c",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7p99-3798-f85c"
},
{
"name": "https://github.com/auth0/express-openid-connect/commit/0947b92164a2c5f661ebcc183d37e7f21de719ad",
"refsource": "MISC",
"url": "https://github.com/auth0/express-openid-connect/commit/0947b92164a2c5f661ebcc183d37e7f21de719ad"
}
]
},
"source": {
"advisory": "GHSA-7p99-3798-f85c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24794",
"datePublished": "2022-03-31T22:45:14.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:42:41.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43812 (GCVE-0-2021-43812)
Vulnerability from cvelistv5 – Published: 2021-12-16 18:20 – Updated: 2024-08-04 04:03
VLAI?
Summary
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Severity ?
6.4 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | nextjs-auth0 |
Affected:
< 1.6.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nextjs-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-16T18:20:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6"
}
],
"source": {
"advisory": "GHSA-2mqv-4j3r-vjvp",
"discovery": "UNKNOWN"
},
"title": "Open redirect in nextjs-auth0",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43812",
"STATE": "PUBLIC",
"TITLE": "Open redirect in nextjs-auth0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nextjs-auth0",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.2"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp"
},
{
"name": "https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6",
"refsource": "MISC",
"url": "https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6"
}
]
},
"source": {
"advisory": "GHSA-2mqv-4j3r-vjvp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43812",
"datePublished": "2021-12-16T18:20:12",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41246 (GCVE-0-2021-41246)
Vulnerability from cvelistv5 – Published: 2021-12-09 15:55 – Updated: 2024-08-04 03:08
VLAI?
Summary
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue.
Severity ?
4.6 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | express-openid-connect |
Affected:
>= 2.3.0, < 2.5.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7rg2-qxmf-hhx9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/express-openid-connect/commit/5ab67ff2bd84f76674066b5e129b43ab5f2f430f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/express-openid-connect/releases/tag/v2.5.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "express-openid-connect",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-09T15:55:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7rg2-qxmf-hhx9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/express-openid-connect/commit/5ab67ff2bd84f76674066b5e129b43ab5f2f430f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/express-openid-connect/releases/tag/v2.5.2"
}
],
"source": {
"advisory": "GHSA-7rg2-qxmf-hhx9",
"discovery": "UNKNOWN"
},
"title": "Session fixation in express-openid-connect",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41246",
"STATE": "PUBLIC",
"TITLE": "Session fixation in express-openid-connect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "express-openid-connect",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.3.0, \u003c 2.5.2"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7rg2-qxmf-hhx9",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/express-openid-connect/security/advisories/GHSA-7rg2-qxmf-hhx9"
},
{
"name": "https://github.com/auth0/express-openid-connect/commit/5ab67ff2bd84f76674066b5e129b43ab5f2f430f",
"refsource": "MISC",
"url": "https://github.com/auth0/express-openid-connect/commit/5ab67ff2bd84f76674066b5e129b43ab5f2f430f"
},
{
"name": "https://github.com/auth0/express-openid-connect/releases/tag/v2.5.2",
"refsource": "MISC",
"url": "https://github.com/auth0/express-openid-connect/releases/tag/v2.5.2"
}
]
},
"source": {
"advisory": "GHSA-7rg2-qxmf-hhx9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41246",
"datePublished": "2021-12-09T15:55:10",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T03:08:31.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32702 (GCVE-0-2021-32702)
Vulnerability from cvelistv5 – Published: 2021-06-25 16:25 – Updated: 2024-08-03 23:25
VLAI?
Summary
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | nextjs-auth0 |
Affected:
< 1.4.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-954c-jjx6-cxv7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/nextjs-auth0/commit/6996e2528ceed98627caa28abafbc09e90163ccf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.npmjs.com/package/%40auth0/nextjs-auth0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nextjs-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-25T16:25:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-954c-jjx6-cxv7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/nextjs-auth0/commit/6996e2528ceed98627caa28abafbc09e90163ccf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.npmjs.com/package/%40auth0/nextjs-auth0"
}
],
"source": {
"advisory": "GHSA-954c-jjx6-cxv7",
"discovery": "UNKNOWN"
},
"title": "Reflected XSS from the callback handler\u0027s error query parameter",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32702",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS from the callback handler\u0027s error query parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nextjs-auth0",
"version": {
"version_data": [
{
"version_value": "\u003c 1.4.2"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and it should not impact your users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-954c-jjx6-cxv7",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-954c-jjx6-cxv7"
},
{
"name": "https://github.com/auth0/nextjs-auth0/commit/6996e2528ceed98627caa28abafbc09e90163ccf",
"refsource": "MISC",
"url": "https://github.com/auth0/nextjs-auth0/commit/6996e2528ceed98627caa28abafbc09e90163ccf"
},
{
"name": "https://www.npmjs.com/package/@auth0/nextjs-auth0",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/@auth0/nextjs-auth0"
}
]
},
"source": {
"advisory": "GHSA-954c-jjx6-cxv7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32702",
"datePublished": "2021-06-25T16:25:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32641 (GCVE-0-2021-32641)
Vulnerability from cvelistv5 – Published: 2021-06-04 21:10 – Updated: 2024-08-03 23:25
VLAI?
Summary
auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library's `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/lock/security/advisories/GHSA-jr3j-whm4-9wwm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/lock/commit/d139cf01c8234b07caf265e051f39d3eab08f7ed"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/lock/releases/tag/v11.30.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lock",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c= 11.30.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "auth0-lock is Auth0\u0027s signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library\u0027s `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library\u0027s `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T21:10:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/lock/security/advisories/GHSA-jr3j-whm4-9wwm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/lock/commit/d139cf01c8234b07caf265e051f39d3eab08f7ed"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/lock/releases/tag/v11.30.1"
}
],
"source": {
"advisory": "GHSA-jr3j-whm4-9wwm",
"discovery": "UNKNOWN"
},
"title": "Reflected XSS when using flashMessages",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32641",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS when using flashMessages"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lock",
"version": {
"version_data": [
{
"version_value": "\u003c= 11.30.0"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "auth0-lock is Auth0\u0027s signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library\u0027s `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library\u0027s `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/lock/security/advisories/GHSA-jr3j-whm4-9wwm",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/lock/security/advisories/GHSA-jr3j-whm4-9wwm"
},
{
"name": "https://github.com/auth0/lock/commit/d139cf01c8234b07caf265e051f39d3eab08f7ed",
"refsource": "MISC",
"url": "https://github.com/auth0/lock/commit/d139cf01c8234b07caf265e051f39d3eab08f7ed"
},
{
"name": "https://github.com/auth0/lock/releases/tag/v11.30.1",
"refsource": "MISC",
"url": "https://github.com/auth0/lock/releases/tag/v11.30.1"
}
]
},
"source": {
"advisory": "GHSA-jr3j-whm4-9wwm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32641",
"datePublished": "2021-06-04T21:10:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15259 (GCVE-0-2020-15259)
Vulnerability from cvelistv5 – Published: 2020-11-06 19:35 – Updated: 2024-08-04 13:15
VLAI?
Summary
ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13.
Severity ?
8.1 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | ad-ldap-connector |
Affected:
< 0.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:18.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/ad-ldap-connector/security/advisories/GHSA-vx5q-cp9v-427v"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/ad-ldap-connector/commit/8b793631ec5ecacf63ff3ece23231a9e138ae911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ad-ldap-connector",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ad-ldap-connector\u0027s admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions \u003c=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T19:35:15",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/ad-ldap-connector/security/advisories/GHSA-vx5q-cp9v-427v"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/ad-ldap-connector/commit/8b793631ec5ecacf63ff3ece23231a9e138ae911"
}
],
"source": {
"advisory": "GHSA-vx5q-cp9v-427v",
"discovery": "UNKNOWN"
},
"title": "CSRF in Auth0 ad-ldap-connector",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15259",
"STATE": "PUBLIC",
"TITLE": "CSRF in Auth0 ad-ldap-connector"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ad-ldap-connector",
"version": {
"version_data": [
{
"version_value": "\u003c 0.0.1"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ad-ldap-connector\u0027s admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions \u003c=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/ad-ldap-connector/security/advisories/GHSA-vx5q-cp9v-427v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/ad-ldap-connector/security/advisories/GHSA-vx5q-cp9v-427v"
},
{
"name": "https://github.com/auth0/ad-ldap-connector/commit/8b793631ec5ecacf63ff3ece23231a9e138ae911",
"refsource": "MISC",
"url": "https://github.com/auth0/ad-ldap-connector/commit/8b793631ec5ecacf63ff3ece23231a9e138ae911"
}
]
},
"source": {
"advisory": "GHSA-vx5q-cp9v-427v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15259",
"datePublished": "2020-11-06T19:35:15",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:15:18.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15240 (GCVE-0-2020-15240)
Vulnerability from cvelistv5 – Published: 2020-10-21 17:25 – Updated: 2024-08-04 13:08
VLAI?
Summary
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1.
Severity ?
7.4 (High)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | omniauth-auth0 |
Affected:
>= 2.3.0, <2.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rubygems.org/gems/omniauth-auth0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "omniauth-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c2.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "omniauth-auth0 (rubygems) versions \u003e= 2.3.0 and \u003c 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK\u2019s default Authorization Code Flow. The issue is patched in version 2.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T17:25:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rubygems.org/gems/omniauth-auth0"
}
],
"source": {
"advisory": "GHSA-58r4-h6v8-jcvm",
"discovery": "UNKNOWN"
},
"title": "Regression in JWT Signature Validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15240",
"STATE": "PUBLIC",
"TITLE": "Regression in JWT Signature Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "omniauth-auth0",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.3.0, \u003c2.4.1"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "omniauth-auth0 (rubygems) versions \u003e= 2.3.0 and \u003c 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK\u2019s default Authorization Code Flow. The issue is patched in version 2.4.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm"
},
{
"name": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a",
"refsource": "MISC",
"url": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a"
},
{
"name": "https://rubygems.org/gems/omniauth-auth0",
"refsource": "MISC",
"url": "https://rubygems.org/gems/omniauth-auth0"
}
]
},
"source": {
"advisory": "GHSA-58r4-h6v8-jcvm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15240",
"datePublished": "2020-10-21T17:25:14",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15119 (GCVE-0-2020-15119)
Vulnerability from cvelistv5 – Published: 2020-08-19 21:20 – Updated: 2024-08-04 13:08
VLAI?
Summary
In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/lock/security/advisories/GHSA-6gg3-pmm7-97xc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lock",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c= 11.25.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-19T21:20:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/lock/security/advisories/GHSA-6gg3-pmm7-97xc"
}
],
"source": {
"advisory": "GHSA-6gg3-pmm7-97xc",
"discovery": "UNKNOWN"
},
"title": "DOM-based XSS in auth0-lock",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15119",
"STATE": "PUBLIC",
"TITLE": "DOM-based XSS in auth0-lock"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lock",
"version": {
"version_data": [
{
"version_value": "\u003c= 11.25.1"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-site scripting (XSS) attacks."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/lock/security/advisories/GHSA-6gg3-pmm7-97xc",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/lock/security/advisories/GHSA-6gg3-pmm7-97xc"
}
]
},
"source": {
"advisory": "GHSA-6gg3-pmm7-97xc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15119",
"datePublished": "2020-08-19T21:20:11",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:21.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15125 (GCVE-0-2020-15125)
Vulnerability from cvelistv5 – Published: 2020-07-29 16:25 – Updated: 2024-08-04 13:08
VLAI?
Summary
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package, and you are using a Machine to Machine application authorized to use Auth0's management API
Severity ?
7.7 (High)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | node-auth0 |
Affected:
< 2.27.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/node-auth0/security/advisories/GHSA-5jpf-pj32-xx53"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/node-auth0/pull/507"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/node-auth0/tree/v2.27.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c 2.27.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package, and you are using a Machine to Machine application authorized to use Auth0\u0027s management API"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T16:25:15",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/node-auth0/security/advisories/GHSA-5jpf-pj32-xx53"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-auth0/pull/507"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/node-auth0/tree/v2.27.1"
}
],
"source": {
"advisory": "GHSA-5jpf-pj32-xx53",
"discovery": "UNKNOWN"
},
"title": "Authorization header is not sanitized in an error object in auth0",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15125",
"STATE": "PUBLIC",
"TITLE": "Authorization header is not sanitized in an error object in auth0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-auth0",
"version": {
"version_data": [
{
"version_value": "\u003c 2.27.1"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package, and you are using a Machine to Machine application authorized to use Auth0\u0027s management API"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/node-auth0/security/advisories/GHSA-5jpf-pj32-xx53",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/node-auth0/security/advisories/GHSA-5jpf-pj32-xx53"
},
{
"name": "https://github.com/auth0/node-auth0/pull/507",
"refsource": "MISC",
"url": "https://github.com/auth0/node-auth0/pull/507"
},
{
"name": "https://github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c",
"refsource": "MISC",
"url": "https://github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c"
},
{
"name": "https://github.com/auth0/node-auth0/tree/v2.27.1",
"refsource": "MISC",
"url": "https://github.com/auth0/node-auth0/tree/v2.27.1"
}
]
},
"source": {
"advisory": "GHSA-5jpf-pj32-xx53",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15125",
"datePublished": "2020-07-29T16:25:15",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15084 (GCVE-0-2020-15084)
Vulnerability from cvelistv5 – Published: 2020-06-30 16:10 – Updated: 2024-08-04 13:08
VLAI?
Summary
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.
Severity ?
7.7 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| auth0 | express-jwt |
Affected:
<= 5.3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "express-jwt",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T16:10:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef"
}
],
"source": {
"advisory": "GHSA-6g6m-m6h5-w9gf",
"discovery": "UNKNOWN"
},
"title": "Authorization bypass in express-jwt",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15084",
"STATE": "PUBLIC",
"TITLE": "Authorization bypass in express-jwt"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "express-jwt",
"version": {
"version_data": [
{
"version_value": "\u003c= 5.3.3"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf"
},
{
"name": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef",
"refsource": "MISC",
"url": "https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef"
}
]
},
"source": {
"advisory": "GHSA-6g6m-m6h5-w9gf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15084",
"datePublished": "2020-06-30T16:10:12",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:21.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5263 (GCVE-0-2020-5263)
Vulnerability from cvelistv5 – Published: 2020-04-09 15:50 – Updated: 2024-08-04 08:22
VLAI?
Summary
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3
Severity ?
5.5 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/auth0.js/security/advisories/GHSA-prfq-f66g-43mp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/auth0.js/commit/355ca749b229fb93142f0b3978399b248d710828"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "auth0.js",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 9.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T15:50:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/auth0.js/security/advisories/GHSA-prfq-f66g-43mp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/auth0.js/commit/355ca749b229fb93142f0b3978399b248d710828"
}
],
"source": {
"advisory": "GHSA-prfq-f66g-43mp",
"discovery": "UNKNOWN"
},
"title": "Information disclosure through error object",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5263",
"STATE": "PUBLIC",
"TITLE": "Information disclosure through error object"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "auth0.js",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c 9.12.3"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/auth0.js/security/advisories/GHSA-prfq-f66g-43mp",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/auth0.js/security/advisories/GHSA-prfq-f66g-43mp"
},
{
"name": "https://github.com/auth0/auth0.js/commit/355ca749b229fb93142f0b3978399b248d710828",
"refsource": "MISC",
"url": "https://github.com/auth0/auth0.js/commit/355ca749b229fb93142f0b3978399b248d710828"
}
]
},
"source": {
"advisory": "GHSA-prfq-f66g-43mp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5263",
"datePublished": "2020-04-09T15:50:12",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-04T08:22:09.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7948 (GCVE-0-2020-7948)
Vulnerability from cvelistv5 – Published: 2020-04-01 12:53 – Updated: 2024-08-04 09:48
VLAI?
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:53:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/auth0/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"name": "https://auth0.com/docs/cms/wordpress",
"refsource": "MISC",
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7948",
"datePublished": "2020-04-01T12:53:18",
"dateReserved": "2020-01-24T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7947 (GCVE-0-2020-7947)
Vulnerability from cvelistv5 – Published: 2020-04-01 12:51 – Updated: 2024-08-04 09:48
VLAI?
Summary
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:24.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn\u0027t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:51:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn\u0027t sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/auth0/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/auth0/#developers"
},
{
"name": "https://auth0.com/docs/cms/wordpress",
"refsource": "MISC",
"url": "https://auth0.com/docs/cms/wordpress"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7947",
"datePublished": "2020-04-01T12:51:59",
"dateReserved": "2020-01-24T00:00:00",
"dateUpdated": "2024-08-04T09:48:24.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5391 (GCVE-0-2020-5391)
Vulnerability from cvelistv5 – Published: 2020-04-01 12:50 – Updated: 2024-08-04 08:30
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T12:50:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/wp-auth0/releases",
"refsource": "MISC",
"url": "https://github.com/auth0/wp-auth0/releases"
},
{
"name": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0",
"refsource": "CONFIRM",
"url": "https://auth0.com/docs/security/bulletins/2020-03-31_wpauth0"
},
{
"name": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/wp-auth0/security/advisories/GHSA-59vf-cgfw-6h6v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5391",
"datePublished": "2020-04-01T12:50:26",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-08-04T08:30:23.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}