OAuth - CVE CyberSecurity Database News (Page 2)

Feb 29, 2024 Exploit OAuth dpgaspar Flask-AppBuilder

CVE-2024-25128 - Flask-AppBuilder OpenID 2. Vulnerability Exploit and Mitigation

Flask-AppBuilder is a popular application development framework heavily used by web developers to create web applications easily, thanks to its flexibility and complete Python-Flask integration.

Dec 21, 2023 Exploit OAuth Red Hat Red Hat Single Sign-On 7.6 for RHEL 9

CVE-2023-2585: A Deep Dive into Keycloak's Device Authorization Grant Vulnerability and How to Exploit It

CVE-2023-2585 is a significant security vulnerability recently discovered in Keycloak, a widely-used open-source identity and access management (IAM) solution. Keycloak's device authorization grant

Oct 4, 2023 Exploit OAuth Red Hat RHEL-8 based Middleware Containers

CVE-2023-2422: Keycloak mTLS Authentication Compromised; Client Certificate Chain Verification Flawed

The Keycloak identity and access management system, which supports OAuth and OpenID Connect (OIDC) clients, has been found with a serious vulnerability (CVE-2023-2422). This post

CVE-2023-3115: GitLab EE Single Sign On Vulnerability Affecting Public Members-Only Project Repositories Access Control

Sep 29, 2023 API Exploit OAuth Google GitLab

CVE-2023-3115: GitLab EE Single Sign On Vulnerability Affecting Public Members-Only Project Repositories Access Control

A recently discovered security vulnerability in GitLab EE, known as CVE-2023-3115, has been found to affect multiple versions of the popular web-based Git repository manager.

CVE-2022-4137 - Reflected Cross-Site Scripting (XSS) Vulnerability in Keycloak's 'oob' OAuth Endpoint

Sep 25, 2023 XSS Exploit OAuth Red Hat Red Hat Single Sign-On 7.6 for RHEL 7

CVE-2022-4137 - Reflected Cross-Site Scripting (XSS) Vulnerability in Keycloak's 'oob' OAuth Endpoint

A security vulnerability, assigned as CVE-2022-4137, was recently discovered in the 'oob' OAuth endpoint of Keycloak, which is an open-source identity and access