CVE-2022-3119 The OAuth Client plugin before 3.0.4 does not have authorization and CSRF checks when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then
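The two checks the advisory says are missing, shown side by side in an added example that is not the plugin's code: a settings handler that trusts any request, and one that requires an authenticated administrator plus a per-session anti-CSRF nonce before it will write the endpoint URLs. The option names, the `Request` model and the `issue_nonce` helper are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for the plugin's stored options; the real option
# names are not known here, so these keys are hypothetical.
DEFAULT_SETTINGS = {
    "authorize_url": "https://idp.example.com/oauth/authorize",
    "token_url": "https://idp.example.com/oauth/token",
}
ENDPOINT_KEYS = tuple(DEFAULT_SETTINGS)

# Per-process secret used to mint anti-CSRF tokens (nonces).
_NONCE_KEY = secrets.token_bytes(32)


@dataclass
class Request:
    """Minimal model of an incoming settings-update request (assumed shape)."""
    user_id: Optional[int]          # None = unauthenticated visitor
    is_admin: bool
    params: Dict[str, str]
    session_id: str = ""


class SettingsStore:
    def __init__(self) -> None:
        self.settings = dict(DEFAULT_SETTINGS)


def issue_nonce(user_id: int, session_id: str) -> str:
    """Mint a nonce bound to the user, their session and this one action."""
    msg = f"{user_id}:{session_id}:update_settings".encode()
    return hmac.new(_NONCE_KEY, msg, hashlib.sha256).hexdigest()


def _apply(store: SettingsStore, params: Dict[str, str]) -> None:
    for key in ENDPOINT_KEYS:
        if key in params:
            store.settings[key] = params[key]


def update_settings_vulnerable(store: SettingsStore, req: Request) -> bool:
    """The pattern the advisory describes: no authorization, no CSRF check."""
    _apply(store, req.params)
    return True


def update_settings_hardened(store: SettingsStore, req: Request) -> bool:
    """Authorization first, then CSRF, then the write."""
    # 1. Authorization: only an authenticated administrator may change settings.
    if req.user_id is None or not req.is_admin:
        return False
    # 2. CSRF: the request must carry the nonce minted for this user's session,
    #    so a cross-site form submitted by a logged-in admin's browser fails.
    expected = issue_nonce(req.user_id, req.session_id)
    supplied = req.params.get("_nonce", "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    _apply(store, req.params)
    return True


if __name__ == "__main__":
    attacker = Request(user_id=None, is_admin=False,
                       params={"authorize_url": "https://attacker.example/authorize"})
    vuln, hard = SettingsStore(), SettingsStore()
    print("vulnerable:", update_settings_vulnerable(vuln, attacker), vuln.settings["authorize_url"])
    print("hardened:  ", update_settings_hardened(hard, attacker), hard.settings["authorize_url"])
```

The order matters: the authorization check runs before the nonce check, so an unauthenticated request is rejected without ever touching session state, and the nonce is compared with `compare_digest` rather than `==`.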
CVE-2022-31679 Applications using Spring Data REST 3.6.0 - 3.6.6, 3.7.0 - 3.7.2, and older unsupported versions may be vulnerable to unintended domain model access: an attacker can use HTTP PATCH requests to the REST API to modify the domain model in unexpected ways if they know its structure.
For example, they can use this technique to cause a service to generate a new revision of a given entity every time an HTTP request
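Why knowing the model structure is enough, and the usual defence, as an added example that is not Spring Data REST code: a minimal JSON Patch applier that, with no restriction, lets a client reach into a nested association (`/owner/role`), and that, given a per-resource allowlist of writable JSON Pointer paths, rejects the whole batch before writing anything. The `ORDER` entity, the `ORDER_WRITABLE` allowlist and the object-only pointer syntax are assumptions of this example.

```python
import copy
from typing import Any, Dict, Iterable, List, Optional, Set

# Constructed sample entity. "owner" is an association the API exposes for
# reading but was never meant to be writable through this resource's PATCH.
ORDER = {
    "id": 42,
    "status": "pending",
    "note": "",
    "owner": {"id": 7, "role": "customer"},
}

# Hypothetical per-resource allowlist of JSON Pointer paths a client may touch.
ORDER_WRITABLE = {"/status", "/note"}


class PatchRejected(Exception):
    pass


def _split(path: str) -> List[str]:
    # Minimal JSON Pointer (RFC 6901) for object keys only: no array indexes
    # and no "~0"/"~1" escapes, to keep the example short.
    if not path.startswith("/") or len(path) < 2:
        raise PatchRejected(f"bad pointer {path!r}")
    return path[1:].split("/")


def apply_patch(doc: Dict[str, Any], ops: Iterable[Dict[str, Any]],
                allowlist: Optional[Set[str]] = None) -> Dict[str, Any]:
    """Apply JSON Patch ops (add/replace/remove) and return a new document.

    allowlist=None accepts every path, which is what lets a client who knows
    the model reach nested objects. With an allowlist, any op whose path is
    not listed rejects the whole batch before any write (atomic).
    """
    ops = list(ops)
    if allowlist is not None:
        for op in ops:
            if op.get("path") not in allowlist:
                raise PatchRejected(f"path {op.get('path')!r} is not writable")

    out = copy.deepcopy(doc)
    for op in ops:
        parts = _split(op["path"])
        parent: Any = out
        for key in parts[:-1]:
            if not isinstance(parent, dict) or key not in parent:
                raise PatchRejected(f"no such path {op['path']!r}")
            parent = parent[key]
        if not isinstance(parent, dict):
            raise PatchRejected(f"no such path {op['path']!r}")
        leaf, kind = parts[-1], op.get("op")
        if kind in ("add", "replace"):
            if kind == "replace" and leaf not in parent:
                raise PatchRejected(f"replace on missing key {leaf!r}")
            parent[leaf] = op["value"]
        elif kind == "remove":
            if leaf not in parent:
                raise PatchRejected(f"remove on missing key {leaf!r}")
            del parent[leaf]
        else:
            raise PatchRejected(f"unsupported op {kind!r}")
    return out


if __name__ == "__main__":
    escalate = [{"op": "replace", "path": "/owner/role", "value": "admin"}]
    print("unrestricted:", apply_patch(ORDER, escalate)["owner"])
    try:
        apply_patch(ORDER, escalate, ORDER_WRITABLE)
    except PatchRejected as exc:
        print("allowlisted: ", exc)
```

The allowlist is checked for every op before the first write, so a batch that mixes a harmless `/status` change with an `/owner/id` change is refused as a whole rather than half-applied.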
CVE-2022-36087 OAuthLib is a library for OAuth request signing. An attacker supplying a malicious redirect URI can cause a denial of service (DoS).
CVE-2019-8678 An attacker can bypass the authorization workflow and steal sensitive data by injecting a malicious redirect URI into the flow. OAuthLib apps that use `uri_validate`
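A redirect URI check that addresses both entries above, as an added example that is not OAuthLib's own `uri_validate` code: the input is length-capped before any parsing (bounding the work a malicious redirect URI can force), and the URI must then match one of the client's registered URIs exactly, with no prefix, wildcard or host-suffix matching, no fragment, and https only. The registry, the `MAX_URI_LEN` cap and the https-only policy are assumptions of this example; the probe inputs are constructed.

```python
from typing import Dict, Set
from urllib.parse import urlsplit

# Hard cap applied before any parsing: bounds the work an attacker can force
# through this code path with an oversized redirect_uri (the DoS angle).
MAX_URI_LEN = 2048

# Constructed client registry: redirect URIs registered out of band.
REGISTERED_REDIRECTS: Dict[str, Set[str]] = {
    "client-1": {"https://app.example.com/callback"},
}


class InvalidRedirectURI(ValueError):
    pass


def validate_redirect_uri(client_id: str, uri: str) -> str:
    """Return the registered redirect URI that `uri` matches, else raise.

    Policy (assumptions of this example, stricter than some deployments):
      * length-capped before parsing
      * https only, absolute, no fragment (RFC 6749 section 3.1.2)
      * exact string match against the client's registered set
    """
    if len(uri) > MAX_URI_LEN:
        raise InvalidRedirectURI("redirect_uri too long")
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.netloc:
        raise InvalidRedirectURI("redirect_uri must be an absolute https URI")
    if parts.fragment:
        raise InvalidRedirectURI("redirect_uri must not contain a fragment")
    registered = REGISTERED_REDIRECTS.get(client_id, set())
    if uri not in registered:
        raise InvalidRedirectURI("redirect_uri is not registered for this client")
    return uri


def check(client_id: str, uri: str) -> str:
    """Convenience wrapper: 'ok' or the rejection reason."""
    try:
        validate_redirect_uri(client_id, uri)
        return "ok"
    except InvalidRedirectURI as exc:
        return str(exc)


# Constructed attacker inputs: each would pass a weaker check
# (prefix match, host-suffix match, 'contains' match, or unbounded regex work).
PROBES = [
    "https://app.example.com/callback",                                # legitimate
    "https://app.example.com/callback/../admin",                       # traversal under a prefix match
    "https://app.example.com.attacker.example/callback",               # host-suffix confusion
    "https://app.example.com/callback?next=https://attacker.example",  # open-redirect chaining
    "https://attacker.example/#https://app.example.com/callback",      # fragment smuggling
    "http://app.example.com/callback",                                 # scheme downgrade
    "https://app.example.com/callback" + "/" * 100000,                 # oversized input
]

if __name__ == "__main__":
    for p in PROBES:
        print(f"{check('client-1', p):55s} <- {p[:60]}")
```

Exact matching is deliberately the last step: the cheap length check runs first, so oversized input is rejected before the parser or any registry lookup sees it.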
CVE-2022-31162 Slack Morphism, an async Slack client library for Rust, can leak Slack OAuth client information in application debug logs before 0.41.0.
If you encounter issues while debugging an application, search for any application logs that contain the word “OAuth” and review the information being printed. An
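Beyond searching the logs after the fact, the durable fix is to redact secret fields before a record is written. As an added example that is not Slack Morphism's code, the logging filter below renders each record once, replaces the values of `client_secret`, `access_token` and `refresh_token` in the rendered text, and clears the raw arguments so no downstream formatter can re-interpolate them. The field list and the sample log lines are constructed for this example.

```python
import io
import logging
import re

# Field names whose values must never reach a log line (extend as needed).
SECRET_FIELDS = ("client_secret", "access_token", "refresh_token")

# Matches key=value, key: value, "key": "value" and key="value" forms and
# captures the value up to the next delimiter.
_SECRET_RE = re.compile(
    r"(?P<key>\b(?:" + "|".join(SECRET_FIELDS) + r")\b)"
    r"(?P<sep>[\"']?\s*[:=]\s*[\"']?)"
    r"(?P<val>[^\s\"'&,;}\]]+)",
    re.IGNORECASE,
)


def redact(text: str) -> str:
    """Replace secret values in free-form text with a fixed placeholder."""
    return _SECRET_RE.sub(lambda m: f"{m.group('key')}{m.group('sep')}[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Render the record once, redact it, and drop the raw args so that no
    handler or formatter can re-interpolate the unredacted values."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def build_logger(name: str, sink: io.StringIO) -> logging.Logger:
    """Logger at DEBUG writing to `sink`, with the filter on the handler so
    every record passing through it is redacted."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(sink)
    handler.setLevel(logging.DEBUG)
    handler.addFilter(RedactingFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def capture_debug_log() -> str:
    """Log constructed token-exchange lines at DEBUG and return what was written."""
    sink = io.StringIO()
    log = build_logger("oauth.demo", sink)
    # Constructed samples; the values are fake.
    log.debug("token exchange POST body: client_id=%s&client_secret=%s&grant_type=authorization_code",
              "A123", "s3cr3t-value")
    log.debug('token response: {"access_token": "xoxb-fake-token", "scope": "chat:write"}')
    return sink.getvalue()


if __name__ == "__main__":
    print(capture_debug_log())
```

Attaching the filter to the handler rather than the logger means records from child loggers are redacted too; attaching it only to the logger would leave `oauth.demo.http`-style children unfiltered.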
CVE-2022-30622 The system discloses usernames and passwords, which makes it possible to log in to it. By default the system transmits the request in cleartext.
The server code is very vulnerable, as described in the following example. In addition, the server has hard-coded authentication credentials (admin/admin). Path